Conference PaperPDF Available


Content may be subject to copyright.
Key player identification in terrorism-related social
media networks using centrality measures
Ilias Gialampoukidis, George Kalpakis, Theodora Tsikrika, Stefanos Vrochidis and Ioannis Kompatsiaris
Information Technologies Institute
Centre for Research and Technology Hellas
Thermi-Thessaloniki, Greece
Emails: {heliasgj, kalpakis, theodora.tsikrika, stefanos, ikom}
Abstract—Monitoring terrorist groups and their suspicious
activities in social media is a challenging task, given the large
amounts of data involved and the need to identify the most
influential users in a smart way. To this end, many efforts have
focused on using centrality measures for the identification of
the key players in terrorism-related social media networks, so
that their suspension/removal leads to severe disruption in the
connectivity of the network. This work proposes a novel centrality
measure, Mapping Entropy Betweenness (MEB), and assesses
its effectiveness for key player identification on a dataset of
terrorism-related Twitter user accounts by simulating targeted
attacks that remove the most central nodes of the network.
The results indicate that the MEB affects the robustness of this
terrorist network more than well-established centrality measures,
in the largest part of the attack process.
Social media networks, e.g. Twitter ( and
Facebook (, have globalized the commu-
nication among people of different nationality, religion, culture
or residence. On the other hand, though, due to their great
power and reach, they have proven to be a very useful tool for
terrorist organizations in their effort to recruit and radicalize
new members, raise new funds, organize strategic operations
and exchange information that can be exploited for subversive
use [1], [2], [3]. Law Enforcement Agencies (LEAs) are
thus interested in monitoring terrorist-related activity in social
media networks, where the problem is to identify the most
influential user accounts, known also as “key player” discovery
[4]. Special attention has been paid to Twitter that has attracted
several terrorist communities [5], [6], [7], due to its nature
that permits the inexpensive communication of multimedia
messages (tweets) to users worldwide.
Many complex technical and real-world networks, ranging
from computer science to molecular biology [8], including
social media networks such as Twitter [9], exhibit a scale-free
topology [8], [10] characterized by a highly heterogeneous de-
gree distribution, which follows a power-law. These so-called
scale-free networks are very robust on random attacks and
they are very vulnerable when targeted attacks are performed
[11] at their most central nodes (key players), in an attempt to
destroy their internal connectivity and turn them into a set of
isolated smaller networks. An attack on a scale-free network
may be triggered not only by malicious intentions (e.g. to
breakdown the connectivity of a computer network), but also
by incentives beneficial to the society (e.g. to prevent disease
propagation). Hence, the scale-free topology, can be exploited
so as to perform attacks on the most central users playing a
vital role in the information exchange with the goal to spread
their propaganda. Such an attack could remove or suspend
user accounts considered as potential sources for disseminat-
ing terrorist-related information, and can be executed by the
collaboration of LEAs with social media organizations.
Several approaches proposed for detecting key players in
a complex network mainly focus on utilizing different cen-
trality measures. Degree centrality is based on the size of
the neighborhood, betweenness centrality on the percentage of
shortest paths crossing a given node, and closeness centrality
on the average distance of a given node to all others [12].
The eigenvector centrality takes into account the centrality
of all nodes in the neighborhood of a given node [13] and
is closely related to the PageRank centrality [14], where the
centrality of a node is a function of the weighted centralities
of the node’s neighborhood. Mapping Entropy [15] weights
the degree centrality of a node, using the entropy of the
degree distribution on a local level. Moreover, the k-core of
a network (i.e. a linked set of nodes with degree at least k)
has also been used to locate influential nodes in a network
[16]. Given though that its computation is degree-based and
does not consider the shortest paths that cross a given node,
it is not appropriate for the case of terrorist-related networks
where the key players show high betweenness centrality [4].
Over the past two decades, many works have examined
the network structure of terrorist organizations. One of the
early efforts examined the social connections of the 9/11
hijackers and their accomplices and detected the ring leaders
of the terrorist attacks based on their network structure [17].
Later work emphasized the use of social network analysis for
understanding the core characteristics of terrorist groups [18].
More recent research has focused on explaining the survival
mechanisms of the Global Salafi Jihad (GSJ) terrorist network,
and concluded that its scale-free topology constitutes a major
factor for its ability to remain active, even after being severely
damaged by the authorities [19]. Furthermore, several research
efforts have studied the use of social media, and especially
Twitter, by terrorist organizations. These include a study
This is the accepted manuscript.
2016 European Intelligence and Security Informatics Conference
978-1-5090-2857-3/16 $31.00 © 2016 IEEE
pages: 112-115, DOI 10.1109/EISIC.2016.38
on Twitter’s role in facilitating (i) the Mumbai (November
2008) terrorists to execute their attack by monitoring and
utilizing situational information broadcast through Twitter [5],
(ii) the Islamic State’s (IS) strategy for communicating their
propaganda for radicalizing and recruiting Twitter users [6],
and (iii) feeder accounts of terrorist organizations from the
Syria insurgency zone for exchanging information [7].
Contrary to the aforementioned studies that simply perform
a statistical analysis of the topology and connectivity of the
network structure, we examine the scale-free properties of a
terrorism-related social media networks in order to detect the
most operationally critical accounts, i.e. the key players. Our
main contribution is that we propose a novel centrality mea-
sure for key player identification, namely Mapping Entropy
Betweenness (MEB), aiming at the efficient identification of
central nodes (Section II), and assess its effectiveness by
simulating targeted attacks, using several centrality measures
and the random attack scenario on a dataset of terrorism-
related Twitter user accounts (Section III).
This section presents the necessary background in identify-
ing the central nodes in a complex network and introduces the
MEB centrality measure.
A. Background and Notation
Given an undirected network G(N, L)with Nnodes and
Llinks, the degree of a node nk,deg(nk), is the number of
its adjacent links. The adjacency matrix Ahas values aij = 1
if node niand node njare connected and aij = 0 otherwise.
The node nkcan at most be adjacent to N1other nodes
and the degree centrality (DC) is defined as [12]:
The betweenness centrality (BC) [12] of node nkis based
on the number of paths gij (nk)from node nito node njthat
pass through node nkto the number of all paths gij from node
nito node nj, summed over all pairs of nodes (ni, nj)and
normalized by its maximum value (N23N+ 2)/2:
gij (nk)
N23N+ 2 (2)
The distance d(ni, nk)between any two nodes ni, nkin
a network is the number of links between the two nodes.
Closeness centrality (CC) [12] of node nkis defined as the
inverse of the average distance to all other nodes ni, i 6=k:
i=1 d(ni, nk)(3)
The eigenvector centrality (EC) [13] of node nkquantifies
the influence of node nkby taking into account the eigenvector
centrality of the neighbors of nk. Eigenvector centrality is
provided by the eigenvector which corresponds to the greatest
eigenvalue of the adjacency matrix A.
Google’s PageRank (PR) [14], introduced to measure the
importance of a Web page, is defined for node nkas:
P Rk=1d
ni∈N (nk)
P Ri
where dis the damping factor (typically set to 0.85), L(ni)is
the number of links to node niand N(nk)is the set of nodes
connected to node nk, referred to as the neighborhood of nk.
The neighborhood N(nk)of nkhas been also used to define
the Mapping Entropy (ME) centrality, which has recently been
proposed [15] as a function of the degree centrality:
ni∈N (nk)
log DCi(5)
Mapping Entropy is in fact the degree centrality DCk
weighted by the average Shannon information in the neigh-
borhood of node nk[15]. Based on this notion, we propose
a centrality measure that weights the betweenness centrality
BCkinstead of the degree centrality DCk.
B. Mapping Entropy Betweenness (MEB) centrality
Degree and betweenness are not identical properties. A
node with high degree centrality (hub) has a large number of
neighbors, but its spreading capability is reduced if it is located
in the periphery of the network [16] and can only influence a
local neighborhood and not the whole network. The removal
of such a hub, will not necessarily affect the diffusion of
information within the rest of the network. In a terrorist-related
network, for example, information spread is based on nodes
who act as a bridge between any two members, even if their
degree centrality is low [20]. When a node acts as a bridge
between many pairs of nodes, then its betweenness centrality
is relatively high. For that reason, we focus on the betweenness
centrality of a node, which we further elaborate, by taking into
account the betweenness centrality of its first neighbors. An
efficient weighting scheme for the degree centrality is Mapping
Entropy [15], which we extend to a novel centrality measure,
Mapping Entropy Betweenness (MEB) centrality:
ni∈N (nk)
log BCi(6)
The weight assigned to BCkis the sum of all log BCiover
the neighborhood of node nk, as motivated by Eq. (5).
C. Betweenness vs. Mapping Entropy Betweenness
The proposed centrality measure is based on the between-
ness centrality and, for each node, takes into account its
first neighbors. To assess the potential benefits of introducing
these additional nodes in the computation, we compare the
effectiveness of MEB over betweenness centrality for key
player identification in a network. To this end, we simulate
targeted attacks on the network, i.e. the sequential removal
of its most central nodes, to test which of the two centrality
measures affects most its robustness. First, the kmost central
nodes are removed and the size of the largest connected
component is estimated; then, the centralities are recalculated
0 10 20 30 40 50 60
0.0 0.2 0.4 0.6 0.8 1.0
relative size of the giant component
Mapping Entropy Betwenness
Fig. 1: Decay of the largest connected component in targeted
attacks using the betweenness and MEB centrality measures
before removing again the most central nodes. This process
is iterated for a fixed number of attacks and each time the
average size decrease of the largest connected component is
measured to gauge the impact of these attacks on the network.
Consider, for example, a randomly generated Barab´
Albert network [8] with 3600 nodes and power-law exponent
3.02. The size of the network is selected so as to coincide
with the size of the network in our experiments described in
Section III. The results of a targeted attack scenario for k= 1
are shown in Figure 1 and indicate that the MEB centrality
is more effective than the betweenness centrality in the attack
scenario where the most central node is sequentially removed,
since MEB is able to reduce the size of the largest connected
component faster than BC. This indicates that weighting the
betweenness centrality of a node with its neighborhood’s Map-
ping Entropy results in a more effective centrality measure.
In this section, we initially describe the terrorism-related
social media dataset used in our experiments and then we
simulate several scenarios of targeted attacks on this network,
i.e. sequential removal of the most central nodes, to test which
centrality measure affects most the robustness of the network.
A. Dataset Description
We examine a social media network consisting of terrorism-
related Twitter accounts. Our data were collected through a
social media discovery tool executing queries on the Twitter
API ( using a set of Arabic keywords
related to terrorists’ propaganda. These keywords were pro-
vided by law enforcement agents and domain experts in
the context of the activities of HOMER EU FP7 project
( and are related to the Caliphate State,
its news, publications, and photos from the Caliphate area.
The dataset consists of 38,766 Twitter posts by 5,461 users.
A manual assessment of a sample of 100 posts indicated their
relevance to terrorism and, in particular, to the propaganda
spread by the Caliphate State; see Figure 2 for some examples.
When one user account in mentioned in at least one post
of another user, the two user accounts are linked together,
thus an undirected network is constructed. In this network,
we find the largest connected component (referred also as
Destruction of a (Christian) army vehicle after
being targeted with a guided missile within the
  |
The Hosts Will All Be Routed And Will Turn And
Flee" (verse from the Koran)
#CaliphateNews #CaliphatePublications
 |
Re-posting of the special and splendid
documentary publication: Islamic Maghreb:
Suffering and Hope"
#CaliphateNews #CaliphatePublications
Fig. 2: Tweets in Arabic posted by the most central users, also
translated in English. URLs are redacted for security purposes.
the “giant component”) of 3,600 user accounts (nodes) and
9,203 links. Next, we examine which centrality measure is
able to detect the most influential Twitter user(s) and limit the
communication effectively within the terrorist network.
B. Results
The power-law behavior of the network’s degree distribution
is initially tested, in order to check whether the giant compo-
nent is vulnerable to targeted attacks. The power-law exponent
is estimated to be γ= 2.56 and is statistically significant,
as stated by the Kolmogorov-Smirnov hypothesis test with p-
value 0.7780 >0.05. Therefore, the scale-free character of the
network allows for performing targeted attacks on the most
central nodes, in order to make the network less operational.
The power-law behavior is also tested during the attack process
for the degree distribution of the largest connected component.
Figure 3(a) indicates that the MEB centrality weakens the
power-law behavior more than betweenness centrality in the
largest part of the attack process. However, the network does
not become less vulnerable to targeted attacks and shows high
robustness to random attacks, as shown in Figure 3(b).
The superiority of MEB centrality in the largest part of the
attack process is demonstrated in Figure 3, where a random
attack scenario is performed (k= 1), using each of the
centrality measures listed in Section II. Similar results are also
observed for k= 2 and k= 3. For example, in the dashed
region (Figure 3(b)), the size of the giant component is reduced
only by 5% in random attacks, by 27.10% with closeness
centrality, and by 44-49% with the other centrality measures,
while using MEB the decrease is up to 50.01%. From the user
perspective, after a small number of node removals (approx.
1.5% of the total size) one should replace betweenness with
MEB centrality in her attack strategy, in order to further
destroy the connectivity in the largest connected component.
After 240 attacks, in all targeted attacks scenarios (Figure 3),
more than 2/3 of the giant component has been isolated and
the remaining nodes do not play a key role in the network’s
functionality, since the maximum observed degree is less than
9. In addition, MEB achieves the lowest half-life [21], defined
as the number of targeted attacks needed to reduce the size of
the largest connected component by one half. The half-life for
the MEB is 145 attacks, while the half-life is 154 attacks for
0 50 100 150 200
0.2 0.4 0.6 0.8 1.0
Mapping Entropy Betwenness
(a) Significance p-value at each stage of the
attack scenario, testing the fit of the degree
distribution to power-law
Mapping Entropy
(b) Decay of the largest connected component
Mapping Entropy
(c) Decay of the largest connected component after
a small number of attacks (1.5% of the overall size)
Fig. 3: Targeted attacks using several centrality measures.
the betweenness centrality, 156 for the degree centrality, 150
for the PageRank, 174 for the eigenvector centrality, 261 for
the closeness centrality, 1191 for the random attack scenario.
Finally, for each centrality measure, we identified the top-10
nodes (i.e. Twitter accounts). This resulted in a set of 18 unique
users who play a key role in the network. An examination that
took place 10 days after the dataset contruction showed that
14 accounts had already been suspended by Twitter, while one
posted a link that appears to be an (official) ISIS “publications”
propaganda page. In most cases (10 out of 14), the suspension
had actually taken place within 72 hours of the creation of the
account. This indicates the relevance of our dataset to terrorism
and also the volatility of these communities given Twitter’s
efforts to remove accounts that promote such material.
This work addressed the key player identification task in
terrorist social media networks. Using terrorism-related key-
words, we created a social network of Twitter users, aiming
at the efficient identification of the most influential accounts
in the Caliphate State propaganda. A novel centrality measure
was proposed, Mapping Entropy Betweenness (MEB), which
is able to destroy the connectivity faster than other centrality
measures in the largest part of the targeted attacks. We
plan to assess the combination of MEB centrality with other
prominent centralities in other terrorism-related networks, so
as to efficiently and quickly determine influential accounts.
This work was partially supported by the EC projects
HOMER (FP7-312883) and MULTISENSOR (FP7-610411).
[1] R. L. Thompson, “Radicalization and the use of social media,” Journal
of strategic security, vol. 4, no. 4, p. 167, 2011.
[2] I. Von Behr, A. Reding, C. Edwards, and L. Gribbon, “Radicalisation
in the digital era: The use of the internet in 15 cases of terrorism and
extremism,” Brussels: RAND, 2013.
[3] R. Torok, “make a bomb in your mums kitchen: Cyber recruiting and
socialisation of white moors and home grown jihadists,” 2010.
[4] A. Berzinji, L. Kaati, and A. Rezine, “Detecting key players in terrorist
networks,” in Intelligence and Security Informatics Conference (EISIC),
2012 European. IEEE, 2012, pp. 297–302.
[5] O. Oh, M. Agrawal, and H. R. Rao, “Information control and terror-
ism: Tracking the mumbai terrorist attack through twitter,Information
Systems Frontiers, vol. 13, no. 1, pp. 33–43, 2011.
[6] A. T. Chatfield, C. G. Reddick, and U. Brajawidagda, “Tweeting pro-
paganda, radicalization and recruitment: Islamic state supporters multi-
sided twitter networks,” in Proceedings of the 16th Annual International
Conference on Digital Government Research, 2015, pp. 239–249.
[7] J. Klausen, “Tweeting the jihad: Social media networks of western
foreign fighters in syria and iraq,” Studies in Conflict & Terrorism,
vol. 38, no. 1, pp. 1–22, 2015.
[8] A.-L. Barab´
asi and R. Albert, “Emergence of scaling in random net-
works,” Science, vol. 286, no. 5439, pp. 509–512, 1999.
[9] S. Aparicio, J. Villaz´
on-Terrazas, and G. ´
Alvarez, “A model for scale-
free networks: Application to twitter,Entropy, vol. 17, no. 8, pp. 5848–
5867, 2015.
[10] L. Li, D. Alderson, J. C. Doyle, and W. Willinger, “Towards a theory
of scale-free graphs: Definition, properties, and implications,” Internet
Mathematics, vol. 2, no. 4, pp. 431–523, 2005.
[11] R. Cohen, K. Erez, D. Ben-Avraham, and S. Havlin, “Breakdown of
the internet under intentional attack,” Physical review letters, vol. 86,
no. 16, p. 3682, 2001.
[12] L. C. Freeman, “Centrality in social networks conceptual clarification,”
Social networks, vol. 1, no. 3, pp. 215–239, 1978.
[13] P. Bonacich and P. Lloyd, “Eigenvector-like measures of centrality for
asymmetric relations,” Social networks, vol. 23, no. 3, p. 191, 2001.
[14] S. Brin and L. Page, “Reprint of: The anatomy of a large-scale
hypertextual web search engine,” Computer networks, vol. 56, no. 18,
pp. 3825–3833, 2012.
[15] T. Nie, Z. Guo, K. Zhao, and Z.-M. Lu, “Using mapping entropy to
identify node centrality in complex networks,” Physica A: Statistical
Mechanics and its Applications, vol. 453, pp. 290–297, 2016.
[16] F. D. Malliaros, M.-E. G. Rossi, and M. Vazirgiannis, “Locating influ-
ential nodes in complex networks,Scientific reports, vol. 6, p. 19307,
[17] V. Krebs, “Uncloaking terrorist networks,” First Monday, vol. 7, no. 4,
[18] S. Saxena, K. Santhanam, and A. Basu, “Application of social network
analysis (sna) to terrorist networks in jammu & kashmir,Strategic
Analysis, vol. 28, no. 1, pp. 84–101, 2004.
[19] J. Xu, D. Hu, and H. Chen, “The dynamics of terrorist networks:
Understanding the survival mechanisms of global salafi jihad,Journal
of Homeland Security and Emergency Management, vol. 6, no. 1, 2009.
[20] J. Qin, J. J. Xu, D. Hu, M. Sageman, and H. Chen, “Analyzing terrorist
networks: A case study of the global salafi jihad network,” in Intelligence
and security informatics. Springer, 2005, pp. 287–304.
[21] B. Furht, Handbook of social network technologies and applications.
Springer Science & Business Media, 2010.
... Information entropy may also be used as a centrality metric to rank nodes (or edges) by importance. In this sense, several authors [14,17,[19][20][21]23,29,30,32,33,36,[42][43][44][45][46][47][48][49][50][51][52][54][55][56][57][58][59][60][61][62][63] developed a number of node entropy metrics and provided the appropriate interpretation. Like for graph entropy metrics, many of these are constructed equivalently to the use of information functionals (see Equation (9)) [20,21,44,48,51,56,[59][60][61][62]. ...
... Like for graph entropy metrics, many of these are constructed equivalently to the use of information functionals (see Equation (9)) [20,21,44,48,51,56,[59][60][61][62]. Node entropy metrics are based on degree [21,32,56,57,59,60,62,63], neighbor degree [59] or strength [57], the weight of edges [56,60], betweenness [21,33], closeness centrality [21], paths [14,17,54], or walks [19,23,29,30], or less traditional metrics, such as the topological potential [20], the probability of information flow [36], the probability of a protein complex [55], the number of nodes [58], or protein annotations [61]. In many cases, locality is important and, thus, the properties of the neighbors are taken into account [57,60,62,63]. ...
... shortest path betweenness centrality of a link (u, v) for every pair of source-sink nodes. [33] ...
Full-text available
Information entropy metrics have been applied to a wide range of problems that were abstracted as complex networks. This growing body of research is scattered in multiple disciplines, which makes it difficult to identify available metrics and understand the context in which they are applicable. In this work, a narrative literature review of information entropy metrics for complex networks is conducted following the PRISMA guidelines. Existing entropy metrics are classified according to three different criteria: whether the metric provides a property of the graph or a graph component (such as the nodes), the chosen probability distribution, and the types of complex networks to which the metrics are applicable. Consequently, this work identifies the areas in need for further development aiming to guide future research efforts.
... A novel approach to detect the breast cancer was introduced by [34]. Music library association with mailing list using text mining was explored by [35]. ...
Full-text available
To gain competitive advantage and to improve efficiency, reliance on data has grown manifold. This work explored the emerging sources of big data generation in India, particularly post implementation of 'Digital India' scheme. Agencies that have implemented the big data are accentuated along with the potential area. Further, a model is proposed to integrate key services utilized within a country with the 'Aadhar' to gain insight in real time. Seamless integration of key services with 'Aadhar' will be increasingly helpful in curbing the crime from Indian landscape. Further, challenges in implementation of the model are perceived, and their solutions have been proposed.
... A novel approach to detect the breast cancer was introduced by [34]. Music library association with mailing list using text mining was explored by [35]. ...
... To identify the key-players, an entropy-based centrality measure is applied, i.e. the Mapping Entropy Betweenness (MEB) centrality, which considers the betweenness centrality of nodes [62]. Specifically, the betweenness centrality ( ) of node is based on the number of shortest paths ( ) from node to node that pass through node to the number of all shortest paths from node to node , summed over all pairs of nodes ( , ) and normalised by its maximum value, i.e. ( 2 − 3 + 2)∕2: ...
Full-text available
Social media play an important role in the daily life of people around the globe and users have emerged as an active part of news distribution as well as production. The threatening pandemic of COVID-19 has been the lead subject in online discussions and posts, resulting to large amounts of related social media data, which can be utilised to reinforce the crisis management in several ways. Towards this direction, we propose a novel framework to collect, analyse, and visualise Twitter posts, which has been tailored to specifically monitor the virus spread in severely affected Italy. We present and evaluate a deep learning localisation technique that geotags posts based on the locations mentioned in their text, a face detection algorithm to estimate the number of people appearing in posted images, and a community detection approach to identify communities of Twitter users. Moreover, we propose further analysis of the collected posts to predict their reliability and to detect trending topics and events. Finally, we demonstrate an online platform that comprises an interactive map to display and filter analysed posts, utilising the outcome of the localisation technique, and a visual analytics dashboard that visualises the results of the topic, community, and event detection methodologies.
... In order to mitigate the widespread usage of the Internet for such malevolent intentions, authorities are deploying sophisticated systems that automatically analyse content on the Web and on social media [18]. Thus, several counterterrorism systems already exist for analysing text [8], multimedia [17], as well as social media content [4,13,14] on the Web. ...
Conference Paper
The Web and social media nowadays play an increasingly significant role in spreading terrorism-related propaganda and content. In order to deploy counterterrorism measures, authorities rely on automated systems for analysing text, multimedia, and social media content on the Web. However, since each of these systems is an isolated solution, investigators often face the challenge of having to cope with a diverse array of heterogeneous sources and formats that generate vast volumes of data. Semantic Web technologies can alleviate this problem by delivering a toolset of mechanisms for knowledge representation, information fusion, semantic search, and sophisticated analyses of terrorist networks and spatiotemporal information. In the Semantic Web environment, ontologies play a key role by offering a shared, uniform model for semantically integrating information from multimodal heterogeneous sources. An additional benefit is that ontologies can be augmented with powerful tools for semantic enrichment and reasoning. This paper presents such a unified semantic infrastructure for information fusion of terrorism-related content and threat detection on the Web. The framework is deployed within the TENSOR EU-funded project, and consists of an ontology and an adaptable semantic reasoning mechanism. We strongly believe that, in the short- and long-term, these techniques can greatly assist Law Enforcement Agencies in their investigational operations.
The massive spread of social networks provided a plethora of new possibilities to communicate and interact worldwide. On the other hand, they introduced some negative phenomena related to social media addictions, as well as additional tools for cyberbullying and cyberterrorism activities. Therefore, monitoring operations on the posted contents and on the users behavior has become essential to guarantee a safe and correct use of the network. This task is even more challenging in presence of borderline users, namely users who appear risky according to their posts, but not according to other perspectives. In this context, this paper contributes towards an automated identification of risky users in social networks. Specifically, we propose a novel system, called SAIRUS, that solves node classification tasks in social networks by exploiting and combining the information conveyed by three different perspectives: the semantics of the textual content generated by users, the network of user relationships, and the users spatial closeness, derived from the geo-tagging data associated with the posted contents. Contrary to existing approaches that typically inject features built from one perspective into the other, we learn three separate models that exploit the peculiarity of each kind of data, and then learn a model to fuse their contribution using a stacked generalization approach. Our extensive experimental evaluation, performed on two variants of a real-world Twitter dataset, revealed the superiority of the proposed method, in comparison with 15 competitors based on one of the considered perspectives alone, or on a combination thereof. Such a superiority is also clear when specifically focusing on borderline users, confirming the applicability of SAIRUS in real-world social networks, which are potentially affected by noisy data.
In this paper we leverage a massive attack-focused terrorist database and we design a dynamic bipartite network analysis to examine the structural evolution of terrorists-targets relationships. We introduce two novel measures to jointly assess harmfulness and vulnerability of terrorist and target groups, both at local and global level. Statistical validation using null models provides evidence that the information contained in these measures is new and not included in other variables, thus emphasizing the usefulness of these topological indicators. Finally, a policy-support experiment designed as network dismantling-like drill is proposed to assess the effects of potential attack preventive strategies.
Full-text available
Developments in communication technologies, especially in social media, have caused significant changes in the activist approaches of terrorist organizations. While the organizations continued their traditional actions, they carried their de facto activism to the cyber world with hashtag activism. In this study, the Twitter accounts of the members and sympathizers of the FETO organization and PKK organization and the hashtags opened from their accounts were examined and social network analyzes were made. Additionally, hashtag posts were subjected to content analysis to collect supporting data. Findings have been obtained that PKK networks have a more horizontal and intense relationship, foreign actors are also quite influential within the network, and FETO networks display a more hierarchical, controlled and organized relationship. There is also data that they sometimes cooperate in networks, despite having opposing ideological approaches.
In this work, we study the vulnerability of link-weighted networks against different central-attack strategies. We simulate simultaneous and sequential attacks on networks based on three network centralities, viz. degree (DC), betweenness (BC) and closeness (CC) centralities. We observed two network properties, the disintegration of giant components and updates in the average geodesic distance, to assess the severity of attacks. If the severity of attacks is calculated based on the first property alone, BC and DC-based attacks are the most hazardous. But, if the severity is computed based on the latter property, the average geodesic distance, the CC-based attacks found to be equally relevant. We show that sequential attacks based on CC are effective in crippling link-weighted networks. Also, suppose that the critical nodes (nodes with high BC and DC) in the network are protected. In such a circumstance, we show that the fallback strategy based on profile closeness is indeed a reasonable approach for attacking protected, link-weighted networks.
This study aims to examine the dynamic relationships among information and communication technologies (ICTs), international tourism, and terrorism in 28 countries from 1998 to 2016. Three weighted indices were constructed to gather the following factors: i) “war against terrorism” by military factors, ii) ICTs by different communication technologies, and iii) tourism demand by tourism factors. Results confirmed that the potential determinants of the war against terrorism include computer and communication services, secure Internet servers, per capita income, and trade openness. The key factors of ICT development are armed forces personnel, arms imports, military expenditures, per capita income, and trade openness, which can be effectively utilized for the war on terrorism across countries. Per capita income, trade, foreign direct investment inflows, and military expenditures substantially increased inbound tourism, whereas tourism demand increased computer and communication services, Internet users, and trade openness. Results also showed that armed forces personnel, arms imports, and growth-specific factors substantially increased tourism receipts, whereas high military expenditures decreased tourism income. These findings offer useful policy implications. One key conclusion drawn from this study is that ICTs play a potentially vital role in supporting the war against terrorism and the development of tourism across countries.
Full-text available
Understanding and controlling spreading processes in networks is an important topic with many diverse applications, including information dissemination, disease propagation and viral marketing. It is of crucial importance to identify which entities act as influential spreaders that can propagate information to a large portion of the network, in order to ensure efficient information diffusion, optimize available resources or even control the spreading. In this work, we capitalize on the properties of the K-truss decomposition, a triangle-based extension of the core decomposition of graphs, to locate individual influential nodes. Our analysis on real networks indicates that the nodes belonging to the maximal K-truss subgraph show better spreading behavior compared to previously used importance criteria, including node degree and k-core index, leading to faster and wider epidemic spreading. We further show that nodes belonging to such dense subgraphs, dominate the small set of nodes that achieve the optimal spreading in the network.
Full-text available
In the last few years, complex networks have become an increasingly relevant research topic due to the large number of fields of application. Particularly, complex networks are especially significant in the area of modern online social networks (OSNs). OSNs are actually a challenge for complex network analysis, as they present some characteristics that hinder topology processing. Concretely, social networks' volume is exceedingly big, as they have a high number of nodes and links. One of the most popular and influential OSNs is Twitter. In this paper, we present a model to describe the growth of scale-free networks. This model is applied to Twitter after checking that it can be considered a " scale-free " complex network fulfilling the small world property. Checking this property involves the calculation of the shortest path between any two nodes of the network. Given the difficulty of this computation for large networks, a new heuristic method is also proposed to find the upper bounds of the path lengths instead of computing the exact length.
The intuitive background for measures of structural centrality in social networks is reviewed and existing measures are evaluated in terms of their consistency with intuitions and their interpretability.
The problem of finding the best strategy to attack network or immunize population with a minimal number of nodes attracts current research interest. The assessment of node importance has been a fundamental issue in such research of complex networks. In this paper, we propose a new concept called mapping entropy (ME) to identify the importance of a node in the complex network. The concept is established according to the local information which considers the correlation among all neighbours of a node. We evaluate the efficiency of the centrality by static attacks and dynamic attacks on standard network models and real-world networks. The simulation result shows that the new centrality is more efficient than traditional attack strategies, no matter in static manner or dynamic manner.
Systems as diverse as genetic networks or the World Wide Web are best described as networks with complex topology. A common property of many large networks is that the vertex connectivities follow a scale-free power-law distribution. This feature was found to be a consequence of two generic mech-anisms: (i) networks expand continuously by the addition of new vertices, and (ii) new vertices attach preferentially to sites that are already well connected. A model based on these two ingredients reproduces the observed stationary scale-free distributions, which indicates that the development of large networks is governed by robust self-organizing phenomena that go beyond the particulars of the individual systems.
Social media have played an essential role in the jihadists’ operational strategy in Syria and Iraq, and beyond. Twitter in particular has been used to drive communications over other social media platforms. Twitter streams from the insurgency may give the illusion of authenticity, as a spontaneous activity of a generation accustomed to using their cell phones for self-publication, but to what extent is access and content controlled? Over a period of three months, from January through March 2014, information was collected from the Twitter accounts of 59 Western-origin fighters known to be in Syria. Using a snowball method, the 59 starter accounts were used to collect data about the most popular accounts in the network-at-large. Social network analysis on the data collated about Twitter users in the Western Syria-based fighters points to the controlling role played by feeder accounts belonging to terrorist organizations in the insurgency zone, and by Europe-based organizational accounts associated with the banned British organization, Al Muhajiroun, and in particular the London-based preacher, Anjem Choudary.
The use of social media tools by individuals and organizations to radicalize individuals for political and social change has become increasingly popular as the Internet penetrates more of the world and mobile computing devices are more accessible. To establish a construct for radicalization,the power and reach of social media will be described so there is common understanding of what social media is and how it is utilized by various individuals and groups. The second section will answer the question of why social media applications are the perfect platform for the radical voice. Finally, the use of social media and its influence in radicalizing populations in Northern Africa and the Middle East during 2011 will be analyzed and recommendations proposed.