Portal de Periódicos da CAPES

Identifying the leaders and main conspirators of the attacks in terrorist networks

2022; Electronics and Telecommunications Research Institute; Volume: 44; Issue: 6 Linguagem: Inglês

10.4218/etrij.2021-0239

2233-7326

Abhay Kumar, S. Kumar,

Terrorism, Counterterrorism, and Political Violence

ETRI JournalEarly View ORIGINAL ARTICLEFree Access Identifying the leaders and main conspirators of the attacks in terrorist networks Abhay Kumar Rai, Corresponding Author Abhay Kumar Rai abhay.jk87@gmail.com orcid.org/0000-0002-3009-9764 Department of Computer Science, Banasthali Vidyapith, Rajasthan, India Correspondence Abhay Kumar Rai, Department of Computer Science, Banasthali Vidyapith, Rajasthan, India. Email: abhay.jk87@gmail.comSearch for more papers by this authorSumit Kumar, Sumit Kumar Centre of Computer Education, IPS, University of Allahabad, Allahabad, IndiaSearch for more papers by this author Abhay Kumar Rai, Corresponding Author Abhay Kumar Rai abhay.jk87@gmail.com orcid.org/0000-0002-3009-9764 Department of Computer Science, Banasthali Vidyapith, Rajasthan, India Correspondence Abhay Kumar Rai, Department of Computer Science, Banasthali Vidyapith, Rajasthan, India. Email: abhay.jk87@gmail.comSearch for more papers by this authorSumit Kumar, Sumit Kumar Centre of Computer Education, IPS, University of Allahabad, Allahabad, IndiaSearch for more papers by this author First published: 16 May 2022 https://doi.org/10.4218/etrij.2021-0239AboutSectionsPDF ToolsRequest permissionExport citationAdd to favoritesTrack citation ShareShare Give accessShare full text accessShare full-text accessPlease review our Terms and Conditions of Use and check box below to share full-text version of article.I have read and accept the Wiley Online Library Terms and Conditions of UseShareable LinkUse the link below to share a full-text version of this article with your friends and colleagues. Learn more.Copy URL Share a linkShare onFacebookTwitterLinked InRedditWechat Abstract This study proposes a novel method for identifying the primary conspirators involved in terrorist activities. To map the information related to terrorist activities, we gathered information from different sources of real cases involving terrorist attacks. We extracted useful information from available sources and then mapped them in the form of terrorist networks, and this mapping provided us with insights in these networks. Furthermore, we came up with a novel centrality measure for identifying the primary conspirators of a terrorist attack. Because the leaders of terrorist attacks usually direct conspirators to conduct terrorist activities, we designed a novel algorithm that can identify such leaders. This algorithm can identify terrorist attack leaders even if they have less connectivity in networks. We tested the effectiveness of the proposed algorithms on four real-world datasets and conducted an experimental evaluation, and the proposed algorithms could correctly identify the primary conspirators and leaders of the attacks in the four cases. To summarize, this work may provide information support for security agencies and can be helpful during the trials of the cases related to terrorist attacks. 1 INTRODUCTION In the last few decades, multiple terrorist activities have been reported around the world. Any terrorist activity brings threats to human beings and damages the public property of a country. Thus, preventing terrorist attacks is among the most prominent goals related to the national security of any country. Across the whole world, most countries face the problem of terrorism and thus invest considerable amounts of money in their security agencies. Moreover, the ultimate aim of the security agencies of any country is to take preventive measures such that terrorist acts can be prevented. One of the approaches of analyzing terrorist activities is to represent a complete terrorist activity in the form of a network. The actors involved in an attack (directly or indirectly) or those who are part of a conspiracy act as nodes, and the interactions or associations between these actors act as links. Many centrality-based techniques have been previously designed for identifying the key actors involved in terrorist activities. We can broadly categorize key actors into two categories: main conspirators and attack leaders. The first category of key actors is the primary conspirators who have direct involvement in the planning and execution of an attack. Such actors can be identified using network theory-based techniques. In general, centrality-based methods are most suitable for identifying such actors because they measure the influence of each node present in a network. The second category of actors, the leaders, who do not have direct involvement in the attacks, are weakly connected to the network, and they only provide instructions for their subordinates to perform terrorist activities. Therefore, in a network, they show little participation. Existing network theory-based techniques cannot identify such actors. To our knowledge, none of the existing methods can identify the leaders of a terrorist attack. The formulation used in centrality-based techniques cannot capture the information related to the leaders of terrorist attacks. In most cases, leaders hire or influence other people to plan an attack. Then, the planners hire their subordinates to recruit attackers, provide technical support to the attackers, arrange trainers for the attackers, and arrange the arms and other logistics required for the execution of the attack. The people in terrorist networks demonstrate different behaviors from those of the people in social networks. Berzinji and others [1] used five centrality-based techniques to identify the key actors in terrorist networks. They took those nodes as key actors who have top-k centrality scores for most of the centrality measures. However, the leaders of terrorist attacks cannot be identified using such techniques. Another limitation with existing methods is that they do not determine the relative contribution of an individual in an overall conspiracy or attack. Therefore, a mechanism is required for identifying the primary conspirators and leaders of terrorist attacks and the share of each individual in the whole act. In this study, we aimed to come up with a solution for identifying the primary conspirators and leaders of terrorist attacks. We created a ranking list for the people involved in terrorist activities such that the primary conspirators occupy the top positions of the list. Through this list, the role of each individual in an attack can be identified. Moreover, we designed a novel algorithm that can identify the leaders of terrorist attacks and then evaluated the effectiveness of the proposed method using four real-world terrorist network datasets. The experimental results indicated the effectiveness of the proposed method in identifying the primary conspirators and leaders over all the used datasets. 1.1 Motivation Many efforts have been made by researchers to address the global issue of terrorism, and in most of them, centrality-based measures were used to identify the key actors related to terrorist activities. However, in real-world terrorist networks, the existing network theory-based or centrality-based methods are insufficient for identifying each category of the key actors. The flow of information in such networks is different from that in other real-world networks such as social networks, biological networks, and citation networks. In any terrorist network, the leaders do not actively participate in the planning and execution of an attack, and they only instruct their subordinates to perform attacks. However, in reality, they are the most responsible people for any terrorist attack. The second category of key actors, the main conspirators, plays active roles in the planning and execution of attacks, and they can be identified by applying existing network theory-based concepts such as centrality-based measures. This is because they have several associations within a network. Moreover, an adequate level of information flows through such actors. The leaders of terrorist attacks cannot be identified by existing network theory measures because they only have a few associations within the network. Moreover, little information flows through the leaders. The contribution of each actor cannot be measured in an overall attack using the existing methods. One example is betweenness centrality, which gives zero scores for many actors even if they actively participate in the planning and execution of attacks. This is practically demonstrated later in Section 5.1. To cope with these limitations, we have been motivated to provide solutions to these limitations. The proposed solutions in this study can identify both categories of the key actors and identify their shares in overall terrorist activities. In this study, we used four real-world cases to prepare our datasets. Furthermore, we defined a centrality-based measure to identify the key conspirators directly involved in terrorist attacks. This measure can determine the share of each actor in an overall terrorist activity. Moreover, we designed an algorithm for identifying the leaders of terrorist attacks, where the basic idea behind this algorithm is that the masterminds of terrorist attacks are only associated with the top conspirators. Using the proposed method, we calculated centrality scores for identifying the primary conspirators and their relative contributions to terrorist attacks. We designed a separate algorithm for detecting the leaders who do not look active in terrorist networks. The performance of the proposed algorithms was examined on four real-world datasets. Unlike other methods, the proposed algorithms could successfully identify both the primary conspirators and leaders of the attacks. 1.2 Contributions The contributions of this paper are as follows: We prepared real-world datasets of terrorist networks using the proceedings and confessional statements of the accused people in four real-world cases. We propose a novel centrality-based measure for identifying the main conspirators and their relative contributions to terrorist networks. This method incorporates the concept of the shortest path in identifying the primary conspirators. We propose a novel algorithm for identifying the leaders of the terrorist attacks who are not directly visible in the terrorist network. We performed an experimental evaluation of the proposed method using the prepared datasets. 2 RELATED WORK Many methods for analyzing terrorist networks have been designed in the past few decades [2-11]. Certain good survey papers and studies on terrorist networks are available in existing literature [12-20]. In most cases, centrality-based measures were used to identify the primary conspirators in terrorist networks. Out of many, we discuss here some of the most known cases. Sparrow [10] used six centrality-based measures, three concepts related to equivalence and a concept of weak ties, to examine their relevance so as to analyze terrorist networks. He efficiently presented a method of applying these concepts to terrorist networks so as to extract useful information from them. The extracted information can be used by law enforcement agencies to take preventive measures against terrorism. Berzinji and others [1] used some centrality-based measures for identifying the key actors involved in terrorist activities. They computed the centrality scores corresponding to all the nodes present in a terrorist network using different centrality-based measures and determined the nodes as the key actors with the maximum scores in the majority of cases. Gialampoukidis and others [5] presented a novel centrality-based measure named mapping entropy betweenness (MEB) for identifying the key players present in terrorist networks, and they tested the effectiveness of their method on a dataset prepared using terrorism-related user accounts on Twitter. Burcher and Whelan [14] gathered information related to criminal networks from the qualitative interviews of two criminal intelligence analysts belonging to Australian state law enforcement agencies. They applied certain existing measures available in the network theory to analyze the gathered information, which helped in understanding the structural characteristics of criminal networks. Bright and others [2] applied certain social network analysis measures to Australian-based jihadist groups to analyze them, and the purpose of the analysis was to identify the hidden connections among the groups. Some of them looked to be separate in the used network; however, they facilitated the work of other groups by providing information and resources. The method of Bright and others could identify the actors who acted as bridges among the groups present at different locations. Su and others [19] presented a link prediction-based approach for disintegrating terrorist networks, and they designed a link prediction-based method for identifying the critical nodes present in terrorist networks. To illustrate their work, they used the 9–11 hijackers network, and their approach identified missing relationships among the members of the terrorist organization involved in the 9–11 attack. Mitzias and others [7] presented a unified semantic infrastructure for identifying the contents related to the terrorist activities available on the web. Their method uses ontology and the concept of adaptable semantic reasoning to understand the behaviors of terrorist networks. In their work, Gregori and Merlone [15] used the following popular measures available in the network theory with the aim of analyzing 10 terrorist networks including three Islamic State of Iraq and Syria-affiliated networks: centralization [21], density [22], mean nodal degree [22], clustering coefficient [23], average path length [22], average efficiency [24], global efficiency [24], betweenness [25], and closeness [22]. In their work, they investigated all the networks to understand their structural characteristics and measured the impact of an attack conducted by terrorists using information extracted from the structural characteristics of the networks. Singh and others [9] presented a method named gray relational analysis (GRA) to organize and analyze terrorist networks, and this method is under the category of structural-based methods. They applied their method to a dataset based on the 26/11 Mumbai attack to test its effectiveness. In addition to these methods, the following interesting methods were proposed in recent years: other studies [26-38]. Most of these methods are based on community detection approaches, where they use time-series features and other network theory concepts to analyze terrorist networks. The basic idea behind these approaches is to divide terrorist organizations into communities and attack them to reduce the possibility of joint resistance. The above discussion shows that the existing methods mostly used centrality-based measures for identifying the key actors in terrorist networks. Centrality-based approaches capture the information flow corresponding to the different nodes present in a network. Based on this information, they rank the persons involved in a terrorist activity and identify those who occupy the top positions in the list as the key actors, which can be either primary conspirators or leaders. However, in reality, leaders only have indirect involvement in terrorist attacks and even look as persons with little involvement in the attacks. Therefore, information flow through such nodes is low. Thus, an alternative method is required to identify the leaders of terrorist attacks. In addition to centrality-based measures, some researchers proposed learning-based methods [11, 39-43] in recent years to identify the key actors in terrorist networks. Johnston and Weiss [39] designed an approach that can automatically identify the related web pages and text content to Sunni extremist propaganda on social media, where a deep neural network-based model is used to classify propaganda content from other social media content. The model can classify text written in multiple languages. Tutun and others [11] presented a framework that uses the information related to the patterns of suicide attacks for analyzing the activity patterns and relations in terrorist networks. The analysis results can be used to understand the behaviors and movements of terrorists. In particular, they proposed a logistic regression-based model for selecting features for the similarity function and used this model in analyzing terrorist networks. Moussaoui and others [40] presented a probabilistic-based clustering algorithm for identifying the potential communities involved in terrorist activities on Twitter. The overall approach works in three steps: extraction of tweets, semantic processing, and classification of the nodes forming a community of terrorists. They classified the people on Twitter into three groups: terrorists, people who support them, and those who do not have any involvement in terrorist activities. Accordingly, they could identify a community of terrorists. Rasheed and others [41] designed a machine learning-based method for identifying the key actors in terrorist networks. As a preprocessing step, the k $$ k $$ -core concept is used in removing the passive or unwanted nodes from given networks. In the next step, a hybrid classifier that utilizes multiple features is used to identify the key actors in the network. Wang and Li [43] presented a behavior-aware network embedding approach named outlier spotting with behavior-aware network embedding (OSNE) to identify the terrorists belonging to different terrorist organizations. The basic idea behind their method is to gather information from the high-order relation paths among the members of terrorist groups. Then, this information is used for network embedding to identify the potential entities in a network. To our knowledge, the most recent learning-based method was proposed by Uddin and others [42]. They used certain deep neural network-based models to understand the behaviors of the people involved in terrorist activities. Using five learning-based models, they tried to answer some questions. For example, (i) depending on the planning level, is a particular attack successful or not? (ii) Are the attackers ready to commit suicide or not? (iii) What can be the probable place of an attack? (iv) What weapon types are going to be used in an attack? (v) What are the possible targets of an attack (e.g., people, buildings, and public property)? Because none of the abovementioned approaches can identify the leaders of terrorist attacks because of their indirect involvement in attacks, a novel method for identifying the leaders of terrorist attacks is necessary. The novelty of the proposed approach compared with other existing methods in identifying key actors is as follows. (i) Unlike other existing methods, our method can identify the leaders in terrorist networks even if they do not look active in a network. (ii) The proposed method enables us to identify the key conspirators who get instructions from leaders to conduct terrorist activities. (iii) Through the proposed method, the persons involved in a terrorist activity can be ranked based on their relative contributions to the whole activity. (iv) We prepared four datasets using proceedings and confessional statements made by certain accused persons corresponding to four real-world cases. The proposed algorithms can identify all the key actors and whether they have direct or indirect involvements in attacks in the four cases. 3 PROPOSED METHOD The proposed method works in two steps. In the first step, we apply the proposed proximity-based centrality measure to compute the proximity of each node present in a terrorist network. The top conspirators of an attack can be determined based on the proximity scores calculated using the proposed centrality measure. In the second step, we apply the proposed algorithm for identifying the leaders of terrorist networks. We demonstrated a brief overview of the proposed method using the flow chart in Figure 1. FIGURE 1Open in figure viewerPowerPoint Flow chart of the proposed method 3.1 Defining the proposed centrality measure In a terrorist network, let T = ( N , L ) $$ T=\left(N,\kern.5em L\right) $$ , where N $$ N $$ represents the set of persons contributing to terrorist activities and L $$ L $$ represents the set of links or associations among the people involved in terrorist activities. Here, we considered T $$ T $$ as a simple undirected, unweighted, and connected network. The proposed centrality measure is based on the shortest path algorithm [44, 45]. According to Sabidussi [46], the centrality of a node can be measured by adding the shortest distances from that node to all the other nodes in a network. This quantity measures how closely a node is to all the other nodes in the network. Furthermore, to measure the overall centrality of the network, we summed the centrality scores for all the nodes present in the network. If the overall centrality is divided by the centrality score of an individual node, it yields the relative centrality of that node compared with the other nodes present in the network. Therefore, the proposed centrality measure determines how close a node is to all the other nodes in a network and what is its relative closeness compared with the other nodes. The formal definition of the proposed centrality measure is given as follows. The proximity centrality of a node ( v ) $$ (v) $$ present in a terrorist network ( T ) $$ (T) $$ is given as follows: P T c ( v ) = ∑ i = 1 n ∑ j = 1 n | spath i , j | ∑ i = 1 n | spath v i | $$ {P}_T^c(v)=\frac{\sum_{i=1}^n{\sum}_{j=1}^n\mid {\mathrm{spath}}_{i,j}\mid }{\sum_{i=1}^n\mid {\mathrm{spath}}_{v_i}\mid } $$ where n $$ n $$ is the number of nodes present in the network, | spath i , j | $$ \mid {\mathrm{spath}}_{i,j}\mid $$ is the length of the shortest path between the nodes i $$ i $$ and j $$ j $$ , and | spath v i | $$ \mid {\mathrm{spath}}_{v_i}\mid $$ is the length of the shortest path from node v $$ v $$ to i $$ i $$ . 3.2 Proposed algorithms for identifying the primary conspirators and leaders Here, we present two algorithms for two purposes. The first algorithm identifies the list of persons directly involved in terrorist activities such as recruiting attackers, recruiting people who provide support systems to the attackers, arranging training camps for the attackers, and arranging sophisticated weapons for conducting the attacks. We utilized the concept of the shortest path algorithm to design this algorithm. This concept considers a terrorist network as the input and produces a list of primary conspirators as the output. In particular, the algorithm takes a terrorist network as an input and computes the proximity score for each node using the proposed proximity-based centrality measure. Then, it sorts all the nodes in the decreasing order of their centrality scores. In the final step of the algorithm, the top-k nodes with the highest scores are selected as the primary conspirators of the attack. Identifying the value of k $$ k $$ is an important issue because the number of main conspirators may vary for different terrorist networks. Here, we considered all the main conspirators with the top-3 centrality scores. The outline of the proximity-based centrality measure is given in Algorithm 1. The second algorithm identifies the leaders or masterminds, who are usually not directly involved in terrorist attacks but provide directions to the primary conspirators. The basic idea behind the proposed algorithm for identifying these leaders is simple, as it is based on the observation that the leaders only interact with the primary conspirators and nobody else. The outline for identifying the leaders of the terrorist attacks corresponding to given terrorist networks is given in Algorithm 2. 4 EVALUATION STRATEGY We considered four real-world cases and prepared four datasets corresponding to these cases to evaluate the proposed algorithms. We run Algorithm 1 on each of these datasets and obtained the output in the form of centrality scores corresponding to each node present in a particular dataset. We maintained the centrality scores temporarily in a vector and sorted the vector of the centrality scores in a decreasing order. Then, we predicted the top-k nodes with the highest centrality scores as the primary conspirators. Furthermore, we run Algorithm 2 to identify the attack leaders corresponding to the given datasets. The algorithm takes a vector containing centrality scores as the input and produces a list of the comprising leaders of an attack as an output. 4.1 Data gathering and dataset preparation Gathering information related to terrorist networks from social media or through other means of communication is extremely difficult because of the covert nature of such networks [47]. We considered four real-world cases related to terrorist attacks from India to prepare the used datasets: 1991 Rajiv Gandhi assassination case [48, 49], 2001 Indian Parliament attack case [50-52], 26/11 Mumbai attack (2008) case [53-55], and 1993 Bombay bomb blast case [56, 57]. First, we extensively examined and analyzed all four cases to prepare the datasets. Based on this study, we discussed certain facts related to all the cases one by one. Sivarasan, Subha, and Santhan played central roles in the Rajiv Gandhi assassination case. Sivarasan arranged everything for the conduct of the assassination, and Shubha and Santhan accompanied Sivarasan everywhere, even after the assassination. Prabhakaran and Pottu Amman were the leaders because they formulated the attack plan and directed the primary conspirators to plan and execute the attack. As for the Indian parliament attack case, Afzal Guru, Mohammad, and Tariq were the main conspirators, and Afzal Guru played a central role in the attack as he planned the attack on the Indian parliament in collaboration with Mohammad and Tariq. Mohammad is another main conspirator who came to Delhi to make proper arrangements, gather necessary information, and arrange other logistics for the attack. Tariq is a main conspirator because he introduced Afzal Guru to Ghazibaba and he was involved in managing the necessary funds and attackers to perform the attack. As the leader of the operation, Ghazibaba directed the top conspirators to attack the Indian parliament. Abu Kafa, Hafiz Sayeed, and Zaki-ur-Rehman Lakhvi played central roles in the 26/11 Mumbai attack case. Abu Kafa was involved in organizing training camps for the attackers and made all the necessary arrangements for them. Hafiz Sayeed and Zaki-ur-Rehman Lakhvi were primarily involved in the planning of the attack. Major General Saab, as a leader, formulated a plan with the primary conspirators to conduct terrorist attacks on big Indian cities, and he was continuously in touch with the main conspirators. In the 1993 Bombay bomb blast case, Tiger Memon, Phanasmiyan, and Yakub Memon were the main conspirators. Tiger Memon and Phanasmiyan played central roles in the attack plan from the moment of its inception, and they received the arms and ammunition used in the attack with their men from the sea coasts of Mumbai. Yakub Memon assisted Tiger Memon in the acquisition, transportation, and storage of the used arms and explosives. Moreover, Yakub actively participated in all the meetings held in Bombay and arranged funds through Hawala. Dawood Ibrahim was the leader because he directed the two primary conspirators to plan the attack. We prepared four datasets after thoroughly studying the four cases, and we collected information from many sources to prepare these datasets. The information sources include certain judgments of the Supreme Court of India, certain articles published in newspapers, and certain confessional statements made by some of the accused terrorists. The summary statistics of the input graphs related to the prepared datasets are given in Table 1. TABLE 1. Dataset summary statistics Name Type Nodes Edges Description Indian parliament attack Undirected 11 29 Network of a terrorist group involved in the Indian parliament attack (private) 26/11 Mumbai attack Undirected 36 139 Network of a terrorist group involved in the 26/11 Mumbai attack (private) Rajiv Gandhi assassination Undirected 46 155 Network of a terrorist group involved in the assassination of Rajiv Gandhi (private) 1993 Bombay bomb blast Undirected 143 1085 Network of a terrorist group involved in the 1993 Bombay Bomb Blast (private) 4.2 Experimental setup We used the R programming language to implement all the centrality-based measures. More specifically, we executed all the algorithms on R version 3.6.3 and R-Studio version 1.2.5042. We took all the observations on a 64-bit computer system with an Intel(R) Core(TM) i5-8265U CPU @1.60 GHz 1.80-GHz processor coupled with 8 GB of primary memory. 5 EXPERIMENTAL EVALUATION First, we discussed the proposed method using a case study to understand how it works. Then, we evaluated the performance of the proposed method against other existing methods considering the used four real-world datasets. 5.1 Case study There are many challenges when dealing with terrorist networks using social network analysis techniques. These challenges include the noncompleteness of data, difficulty in data gathering, and the covert nature of certain key actors. We designed a novel approach comprising a centrality measure and an algorithm to cope with these challenges. We used the Indian Parliament Attack case of 2001 as a case study to explain our methodology for identifying the primary conspirators and leaders of the attack. Two terrorist organiza