Thesis

Robust Framework for Investigation and Detection of Adversarial Activities

Abstract:
Terrorism is a complex phenomenon with high uncertainty of user strategies. The uncertain
nature of terrorism is the main challenge in the design of counter-terrorism policy. Government
agencies (e.g., CIA, FBI, NSA, etc.) cannot always use social media and telecommunication to
capture intentions of terrorists because terrorists are more careful in the utilization of these
environments for planning and preparing for attacks. To address this issue, this research aims to
propose a comprehensive new framework, namely Networked Pattern Recognition (NEPAR)
Framework, by defining the useful patterns of attacks to understand behaviors, to analyze the
terrorist activity patterns and relations, to predict their future moves, and finally to prevent and
detect potential terrorist behaviors.
In the framework, there are two main phases: (1) building networks by finding relations among
the events, and (2) using a unified detection approach that combines the proposed network
topology and pattern recognition approaches. More specifically, the proposed framework first
identifies relevant features using a proposed Networked Feature Selection (NFS) method and the
Optimized Robust Logistic Regression (ORLR) model. It then calculates the relationship
between selected features, via a new similarity (interaction) measure, which is capable of
handling both categorical and numerical features. Therefore, we form a new network model and
analyze the structure of relations to infer knowledge about terrorist attacks. Moreover, a
graph-based outbreak detection (as a spatial network) is proposed to define dangerous places for the
outbreak of violence.
In the second phase, after building the network, we propose a unified detection approach that
applies pattern classification techniques to network topology and features of incidents, to detect
terrorism and multiple attacks and the goal of attacks. For example, before the September 11
attack on New York City, the responsible agencies could have learned about suspicious
behaviors from the proposed network. They could have found patterns of how terrorist groups
would attack the target place. If the event happens, they are supposed to know whether the event is
terrorism or a plane crash, to classify the event for responsible agencies and to reduce the
effectiveness of the attack. Afterward, if it is terrorism, they are supposed to know whether the
terrorist attack will be multiple, and whether there is an extension (will be continued in 24 hours) or not.
Finally, the government needs to know what the goal is in order to control and prevent future violence.
Therefore, the proposed framework is offered to understand terrorist behaviors and then to give
reactive strategies to governments.
Experimental results show the effectiveness of our framework with high accuracy for finding
patterns by comparing with actual terrorism events in 2014 and 2015. This testing data set
successfully showed how to find and understand patterns, extracted from the original data set.
The patterns found, mostly with more than 90% accuracy, show that the framework can be used
to understand future attacks. Moreover, the experimental results for the detection approach
for detection of terrorism events outperformed other traditional detection approaches. A unified
detection approach is studied with other pattern classification techniques to the proposed network
topology to improve detection accuracy. The framework is used to detect terrorist attacks with
high detection accuracy, and identify the extension of attacks (with 90% accuracy), multiple
attacks (with 96% accuracy), and terrorist goals (with 92% accuracy). Finally, users will
understand the behaviors of future attacks (before events happen). Then, they will collect
knowledge about the event (after events happen). Hence, governments can control terrorist
behaviors to reduce the risk of future events. Policymakers can use these methods for
time-sensitive understanding and detection of terrorist activity, which can enable precautions
against future attacks.
In conclusion, the results could potentially allow law enforcement to propose reactive
strategies. Furthermore, this framework can be used in other application areas for pattern recognition
and classification. We applied the framework to six different applications: the breast cancer,
German credit, Australian credit, StarPlus fMRI, Pima Indian diabetes, and abalone datasets.
The framework outperforms traditional detection methods (Naive Bayes, Decision
Tree, Logistic Regression, Support Vector Machine, and k-Nearest Neighbors). Researchers
can implement this framework to investigate and detect the output with more accuracy even when
their dataset is imbalanced and auto-correlated.