|
Preface |
6 |
|
|
Acknowledgements |
14 |
|
|
Contents |
16 |
|
|
Part I Data and Data Acquisition |
20 |
|
|
The Global Terrorism Database, 1970 –2010 |
21 |
|
|
1 Introduction |
21 |
|
|
1.1 Terrorism Data from Open Sources |
23 |
|
|
1.1.1 Limitations of Event Databases |
25 |
|
|
1.1.2 Strengths of Event Databases |
26 |
|
|
1.2 World-Wide Terrorism |
1.2 World-Wide Terrorism |
|
|
2 Conclusions |
37 |
|
|
A.1 Appendix A Countries Listed Under Each Region According to GTD |
38 |
|
|
References |
40 |
|
|
Automated Coding of Political Event Data |
41 |
|
|
1 Introduction and Overview |
41 |
|
|
1.1 Human Versus Machine Coding |
43 |
|
|
2 Text Acquisition and Formatting |
46 |
|
|
2.1 Filtering: Irrelevant Stories |
47 |
|
|
2.2 Filtering: Duplicates |
48 |
|
|
3 Coding Ontologies |
49 |
|
|
3.1 Events |
50 |
|
|
3.2 Actors |
53 |
|
|
4 Actor Dictionaries and Named Entity Recognition |
55 |
|
|
5 Pre-processing Using NLP Tools |
56 |
|
|
6 Coding and Post-processing |
60 |
|
|
6.1 Cluster Processing |
60 |
|
|
6.2 One-A-Day Filtering |
61 |
|
|
6.3 Sophisticated Error Detection/Correction |
61 |
|
|
7 Open Issues |
62 |
|
|
7.1 Geolocation |
62 |
|
|
7.2 Machine Translation |
62 |
|
|
7.3 Real-Time Coding |
63 |
|
|
8 Conclusion |
65 |
|
|
References |
66 |
|
|
Automatic Extraction of Events from Open Source Text for Predictive Forecasting |
68 |
|
|
1 Introduction |
68 |
|
|
2 Task Description |
70 |
|
|
3 System Descriptions |
70 |
|
|
3.1 Tabari |
70 |
|
|
3.2 BBN SERIF |
71 |
|
|
4 Experiment Design |
75 |
|
|
4.1 Evaluation Corpus |
75 |
|
|
4.2 Evaluation Procedure |
75 |
|
|
5 Evaluation Results |
76 |
|
|
5.1 Overview |
76 |
|
|
5.2 Comparison to Previous Studies |
77 |
|
|
5.3 Error Analysis |
78 |
|
|
5.4 System Overlap |
80 |
|
|
5.5 Historical Events |
80 |
|
|
5.6 Topic Filtering |
81 |
|
|
5.7 Adapting to New Corpora |
82 |
|
|
6 Conclusion |
83 |
|
|
References |
83 |
|
|
Automated Coding of Decision Support Variables |
85 |
|
|
1 Introduction |
85 |
|
|
2 Related Work |
86 |
|
|
3 Automatic Coding Engine |
87 |
|
|
3.1 Preprocessing |
89 |
|
|
3.2 Linguistic Sensors |
90 |
|
|
3.3 Logic Layer |
91 |
|
|
4 Implementation and Experiments |
93 |
|
|
4.1 Precision and Recall |
94 |
|
|
4.2 Time |
95 |
|
|
5 Conclusions and Future Work |
95 |
|
|
References |
96 |
|
|
Part II Behavioral Models and Forecasting |
97 |
|
|
Qualitative Analysis & Computational Techniques for the Counter-Terror Analyst |
98 |
|
|
1 Introduction |
98 |
|
|
1.1 Counter-Terror Research Needs |
1.1 Counter-Terror Research Needs |
|
|
1.2 Qualitative Research Overview |
99 |
|
|
1.2.1 Contrasting Qualitative and Quantitative Research |
100 |
|
|
1.2.2 Qualitative vs. Quantitative Research in the Context of Counter-Terrorism |
100 |
|
|
1.3 Understanding Terrorist Group Behavior |
101 |
|
|
1.3.1 Employing the Strategic Perspective |
101 |
|
|
1.3.2 Attacking Organizational Weakness |
104 |
|
|
1.3.3 Applications of Communications Theory |
106 |
|
|
1.4 Studying the Individual Terrorist |
107 |
|
|
1.4.1 Counter-Radicalization Strategies |
108 |
|
|
1.4.2 Facilitating Desertions |
109 |
|
|
2 Conclusions |
110 |
|
|
References |
110 |
|
|
SOMA: Stochastic Opponent Modeling Agents for Forecasting Violent Behavior |
113 |
|
|
1 Introduction |
113 |
|
|
2 Representing Terror Group Behavior: Action Probabilistic Logic Programs |
115 |
|
|
3 Forecasting Terror Group Behavior: Finding the Most Probable World |
121 |
|
|
3.1 A First Approach to Forecasting in SOMA |
123 |
|
|
3.2 Scalable Algorithms for Forecasting Terror Group Behavior |
124 |
|
|
3.2.1 Head-Oriented Processing |
125 |
|
|
3.2.2 Randomized Heuristic Behavioral Forecasts |
130 |
|
|
4 Distributed Computation for Forecasting in SOMA |
131 |
|
|
4.1 Parallelism for Reducing Computation Time |
131 |
|
|
4.2 Parallelism for Increasing Computational Capacity |
132 |
|
|
4.3 Parallelism for Improving Solution Accuracy |
134 |
|
|
5 Applications of ap-Programs |
136 |
|
|
6 Conclusions |
139 |
|
|
References |
140 |
|
|
Data-based Computational Approaches to ForecastingPolitical Violence |
142 |
|
|
1 Introduction and Overview |
142 |
|
|
1.1 The Development of Technical Political Forecasting |
144 |
|
|
2 Data Sources |
145 |
|
|
2.1 Structural Data |
146 |
|
|
2.2 Dyadic Data |
147 |
|
|
2.3 Atomic Event Data |
147 |
|
|
2.4 Composite Event Data |
148 |
|
|
2.5 Social Media and Other Unstructured Data Sources |
148 |
|
|
2.6 The Challenges of Data Aggregation |
149 |
|
|
2.6.1 Actors |
149 |
|
|
2.6.2 Actions |
150 |
|
|
2.6.3 Temporal |
150 |
|
|
3 Statistical Approaches |
150 |
|
|
3.1 Cross-Sectional Regression and Logit |
151 |
|
|
3.2 Classical Time Series |
152 |
|
|
3.3 Vector Autoregression Models |
154 |
|
|
3.4 Event-History and Survival Models |
155 |
|
|
3.5 Rare-Events Models |
156 |
|
|
4 Algorithmic Approaches |
158 |
|
|
4.1 Supervised Cross-Sectional Classification Methods |
159 |
|
|
4.1.1 Linear Approaches |
159 |
|
|
4.1.2 Neural Networks |
159 |
|
|
4.1.3 Tree-Based Algorithms |
160 |
|
|
4.2 Unsupervised Methods |
161 |
|
|
4.2.1 Dimension Reduction |
161 |
|
|
4.2.2 Clustering |
161 |
|
|
4.3 Sequence Development: Hidden Markov Models |
162 |
|
|
4.4 Sequence Analysis: Sequence Matching |
163 |
|
|
4.4.1 Archetypal Sequence Matching |
164 |
|
|
4.4.2 Convex Algorithms |
165 |
|
|
5 Network Models |
166 |
|
|
5.1 Social Network Analysis Models |
166 |
|
|
5.2 Geo-spatial Models |
167 |
|
|
6 Conclusion |
167 |
|
|
References |
169 |
|
|
Using Hidden Markov Models to Predict Terror Before it Hits (Again) |
176 |
|
|
1 Introduction |
176 |
|
|
1.1 Hidden Markov Models |
177 |
|
|
1.2 Issues and Implications |
179 |
|
|
1.3 Data Development and Pre-processing |
179 |
|
|
1.4 Training (Baum-Welch estimates) |
182 |
|
|
1.4.1 Approach, Initial Estimates and Alternative Models |
182 |
|
|
1.4.2 Sequence Length, Iterations and Losses |
183 |
|
|
1.4.3 Global and Prior Estimates |
183 |
|
|
1.4.4 Global, Cut (Training Set) and Most Recent Densities |
184 |
|
|
1.4.5 Optimization (Viterbi State Trajectories) |
184 |
|
|
2 Forecasting |
185 |
|
|
2.1 Iraq and Afghanistan Results |
186 |
|
|
2.2 Testing of Results and Technical Discussion |
189 |
|
|
3 Conclusions |
190 |
|
|
4 Training |
191 |
|
|
A.1 Appendix A: Technical Details |
191 |
|
|
References |
192 |
|
|
Forecasting Group-Level Actions Using Similarity Measures |
194 |
|
|
1 Introduction |
194 |
|
|
1.1 Related Work |
195 |
|
|
1.2 Contributions and Organization of This Work |
197 |
|
|
2 Behavioral Time Series Data |
197 |
|
|
3 A Formal Vector Model of Agent Behaviors |
198 |
|
|
4 Algorithms for Forecasting Agent Behavior |
199 |
|
|
4.1 Distance Functions |
199 |
|
|
4.2 The CONVEXk_NN Algorithm |
201 |
|
|
4.3 The CONVEXMerge Algorithm |
203 |
|
|
5 Implementation and Experiments |
205 |
|
|
6 Forecasting Situations |
208 |
|
|
7 Conclusions |
210 |
|
|
References |
211 |
|
|
Forecasting the Use of Violence by Ethno–Political Organizations: Middle Eastern Minorities and the Choice of Violence |
213 |
|
|
1 Introduction |
213 |
|
|
2 Efforts at Forecasting in Past |
214 |
|
|
3 Forecasting Ethnic Violence: MAROB |
215 |
|
|
4 Forecasting from Engineering to the Social Sciences |
216 |
|
|
5 Probabilistic Modeling Process Overview |
219 |
|
|
5.1 Imputation of Missing Values |
220 |
|
|
5.2 Factor Selection |
220 |
|
|
5.3 Massage Data |
222 |
|
|
5.4 Classification |
223 |
|
|
5.5 Validation and Performance Assessment |
226 |
|
|
6 Sensitivity Analysis |
227 |
|
|
7 Classification and Forecasting Results |
228 |
|
|
8 Conclusion |
231 |
|
|
Appendix |
232 |
|
|
References |
234 |
|
|
Forecasting Changes in Terror Group Behavior |
237 |
|
|
1 Introduction |
237 |
|
|
2 CAPE Architecture |
238 |
|
|
2.1 SitCAST Situation Forecaster |
241 |
|
|
2.2 SitCAST and CONVEX |
242 |
|
|
2.3 The CAPE Algorithms |
245 |
|
|
2.3.1 The Change Table |
245 |
|
|
2.4 Learning Change Indicators from the Change Table |
247 |
|
|
2.5 The CAPE-Forecast Algorithm |
250 |
|
|
3 Implementation and Experiments |
251 |
|
|
4 Related Work |
252 |
|
|
5 Conclusions |
254 |
|
|
References |
255 |
|
|
Using Temporal Probabilistic Rules to Learn Group Behavior |
256 |
|
|
1 Introduction |
256 |
|
|
2 Modeling Group Behavior with Temporal Probabilistic Logic Programs |
258 |
|
|
2.1 Database Schema for a Group's Past Behavior |
258 |
|
|
2.2 Syntax |
259 |
|
|
3 Automatically Learning Rules from Historical Data |
262 |
|
|
3.1 Automatic Extraction of TP-Rules |
262 |
|
|
3.1.1 SOMA Rules |
262 |
|
|
3.1.2 Subrahmanian-Ernst Algorithm: Preliminaries |
263 |
|
|
3.1.3 The Subrahmanian-Ernst Algorithm and an Adaptation to TPLPs |
266 |
|
|
3.2 Toward Converting TP-Rules into Policy Recommendations |
268 |
|
|
3.2.1 Computational Policies |
269 |
|
|
3.2.2 Iteratively Computing All Policies |
270 |
|
|
4 Policy Recommendations and Lashkar-e-Taiba |
272 |
|
|
4.1 Experimental Methodology and Learned Rules |
272 |
|
|
4.2 Policies That Potentially Eliminate or Reduce Violent Attacks by Lashkar-e-Taiba |
274 |
|
|
5 Conclusions and Directions for Future Research |
275 |
|
|
References |
276 |
|
|
Part III Terrorist Network Analysis |
278 |
|
|
Leaderless Covert Networks: A Quantitative Approach |
279 |
|
|
1 Introduction |
279 |
|
|
2 Covert Network Models and Centrality |
281 |
|
|
3 Homogeneous Networks |
282 |
|
|
4 Heterogeneous Networks |
285 |
|
|
5 Case: Jemaah Islamiyah's Bali Bombing |
287 |
|
|
6 Conclusion |
288 |
|
|
7 Methods Summary |
289 |
|
|
7.1 Information Measure I |
289 |
|
|
7.2 Homogeneous Secrecy Measure Shom |
289 |
|
|
7.3 Heterogeneous Secrecy Measure Shet |
290 |
|
|
7.4 Balanced Trade-Off Performance Measure µ |
290 |
|
|
7.5 Game Theoretic Centrality |
290 |
|
|
References |
291 |
|
|
Link Prediction in Highly Fractional Data Sets |
293 |
|
|
1 Introduction |
293 |
|
|
2 Background |
295 |
|
|
2.1 Social Networks of Terrorists |
295 |
|
|
2.2 Link Prediction |
295 |
|
|
3 Social Network Datasets |
296 |
|
|
4 Methods and Experiments |
301 |
|
|
4.1 Experimental Setup |
301 |
|
|
4.2 Feature Extraction |
303 |
|
|
5 Results |
304 |
|
|
6 Conclusion |
308 |
|
|
References |
308 |
|
|
Data Analysis Based Construction and Evolution of Terrorist and Criminal Networks |
311 |
|
|
1 Introduction |
311 |
|
|
2 Network Construction |
313 |
|
|
2.1 Network Re-construction |
316 |
|
|
3 Network Partitioning |
319 |
|
|
3.1 Method |
321 |
|
|
3.1.1 Construction |
321 |
|
|
3.1.2 Partition |
322 |
|
|
3.1.3 Computation |
323 |
|
|
3.2 Results |
323 |
|
|
4 Link Prediction |
325 |
|
|
4.1 Link Prediction Method |
326 |
|
|
4.2 Results and Discussions |
329 |
|
|
4.2.1 Success Criteria |
329 |
|
|
5 Conclusions |
330 |
|
|
References |
330 |
|
|
CrimeFighter Investigator: Criminal Network Sense-Making |
332 |
|
|
1 Introduction |
332 |
|
|
2 Criminal Network Sense-Making |
333 |
|
|
2.1 Criminal Network Investigation Model |
335 |
|
|
2.2 Sense-Making Tasks |
336 |
|
|
3 CrimeFighter Investigator |
342 |
|
|
3.1 Conceptual Model |
344 |
|
|
3.2 Computational Model |
345 |
|
|
3.3 Structural Parser |
351 |
|
|
4 Scenario: Investigating Linkage Between DNRI and AQAM |
354 |
|
|
4.1 The Scenario |
355 |
|
|
4.2 Summary |
360 |
|
|
5 Related Work |
361 |
|
|
6 Conclusion and Future Work |
364 |
|
|
References |
365 |
|
|
Part IV Systems, Frameworks, and Case Studies |
369 |
|
|
The NOEM: A Tool for Understanding/Exploring the Complexities of Today's Operational Environment |
370 |
|
|
1 Introduction |
370 |
|
|
1.1 A Step Forward |
373 |
|
|
1.2 Supporting Stability Operations |
374 |
|
|
1.2.1 Modeling and Simulation Support to Stability Ops |
376 |
|
|
1.3 The National Operational Environment Model |
382 |
|
|
2 NOEM Overview |
385 |
|
|
2.1 The Model |
385 |
|
|
3 Using the NOEM Tools |
388 |
|
|
3.1 Point or Event Based Analysis |
388 |
|
|
3.2 Prospective Analysis |
3.2 Prospective Analysis |
|
|
3.3 Model Validation |
3.3 Model Validation |
|
|
3.3.1 Verification and Face Validation |
398 |
|
|
3.3.2 Inverse V&V |
401 |
|
|
4 Conclusion |
404 |
|
|
5 Disclaimer |
404 |
|
|
References |
404 |
|
|
A Multi-Method Approach for Near Real Time Conflict and Crisis Early Warning |
407 |
|
|
1 Introduction |
407 |
|
|
1.1 Building on Previous Research |
407 |
|
|
1.2 DARPA's ICEWS Program |
410 |
|
|
1.3 Adjusting to Operational Reality: Lessons Learned from the ICEWS Program |
412 |
|
|
2 Components of the ICEWS System |
414 |
|
|
2.1 iTRACE |
414 |
|
|
2.2 iSENT |
416 |
|
|
2.3 iCAST |
419 |
|
|
3 Summary and Conclusion |
422 |
|
|
References |
423 |
|
|
A Realistic Framework for Counter-terrorism in Multimedia |
425 |
|
|
1 Introduction |
425 |
|
|
2 Violence in Videos |
427 |
|
|
2.1 Violence Identification in Videos |
427 |
|
|
2.2 Semantics Extraction in Videos |
429 |
|
|
2.3 Existing Methods |
433 |
|
|
3 Proposed Methodology |
435 |
|
|
3.1 A Realistic Framework |
435 |
|
|
3.2 Story-Line of Violent Scene |
442 |
|
|
3.3 Degree of Violence |
443 |
|
|
4 Discussion |
443 |
|
|
5 Conclusion |
444 |
|
|
References |
445 |
|
|
PROTECT in the Ports of Boston, New York and Beyond: Experiences in Deploying Stackelberg Security Games with Quantal Response |
447 |
|
|
1 Introduction |
447 |
|
|
2 Background |
449 |
|
|
2.1 Stackelberg Security Game |
449 |
|
|
2.2 Deployed Security Applications |
450 |
|
|
3 USCG and PROTECT's Goals |
451 |
|
|
4 Key Innovations in PROTECT |
452 |
|
|
4.1 Game Modeling |
453 |
|
|
4.2 Compact Representation |
455 |
|
|
4.3 Human Adversary Modeling |
457 |
|
|
5 Evaluation |
459 |
|
|
5.1 Memory and Run-time Analysis |
459 |
|
|
5.2 Utility Analysis |
460 |
|
|
5.3 Robustness Analysis |
461 |
|
|
5.4 USCG Real-World Evaluation |
463 |
|
|
5.5 Outcomes Following the Boston Implementation |
465 |
|
|
6 Lessons Learned: Putting Theory into Practice |
465 |
|
|
7 Summary and Related Work |
467 |
|
|
References |
468 |
|
|
Government Actions in Terror Environments (GATE): A Methodology that Reveals how Governments Behave toward Terrorists and their Constituencies |
470 |
|
|
1 Introduction |
470 |
|
|
2 What is known about Government Actions to End Terrorism |
471 |
|
|
3 Introducing the GATE Database |
476 |
|
|
3.1 The Data Described |
480 |
|
|
4 Exploring Counterterrorism Effectiveness Using GATE Data |
483 |
|
|
4.1 The Effectiveness of Israeli Actions on Palestinian Terrorist Violence |
485 |
|
|
4.2 The Effectiveness of Turkish Actions on Kurdish Terrorist Violence |
487 |
|
|
5 Conclusion |
488 |
|
|
References |
489 |
|
|
Part V New Directions |
492 |
|
|
A CAST Case-Study: Assessing Risk in the Niger Delta |
493 |
|
|
1 Introduction |
493 |
|
|
1.1 Component 1: Theory |
494 |
|
|
1.2 Component 2: Data |
497 |
|
|
1.2.1 Context |
497 |
|
|
1.2.2 Events |
498 |
|
|
1.2.3 Participatory Early Warning and Conflict Mapping |
501 |
|
|
1.3 Component 3: Analysis |
505 |
|
|
1.3.1 Background: The Origins of Conflict in the Niger Delta |
505 |
|
|
1.3.2 The Niger Delta in 2011 |
512 |
|
|
1.3.3 Conclusion and Outlook for the Future: Mitigating Terrorism Risks |
515 |
|
|
References |
516 |
|
|
Policy Analytics Generation Using Action Probabilistic Logic Programs |
518 |
|
|
1 Introduction |
518 |
|
|
2 Preliminaries |
520 |
|
|
2.1 Syntax |
520 |
|
|
2.2 Semantics of ap-Programs |
521 |
|
|
3 Abductive Queries to Probabilistic Logic Programs |
523 |
|
|
3.1 Algorithms for BAQA over Threshold Queries |
524 |
|
|
4 Cost-Based Abductive Query Answering |
528 |
|
|
5 Parallel Solutions for Abductive Query Answering |
532 |
|
|
5.1 Parallel Selection of Entailing States |
533 |
|
|
5.2 Parallel Sampling of State Paths |
534 |
|
|
6 Experimental Results |
535 |
|
|
6.1 Empirical Evaluation of Algorithms for CBQA |
535 |
|
|
6.2 Empirical Evaluation of Parallel Algorithms for CBQA |
538 |
|
|
7 Related Work |
542 |
|
|
8 Conclusions |
543 |
|
|
References |
544 |
|
|
The Application of Search Games to Counter Terrorism Studies |
546 |
|
|
1 The Mathematics of Search Games |
548 |
|
|
1.1 A Brief History of Search Games |
548 |
|
|
1.2 Search Games on Networks |
550 |
|
|
1.3 Games of Degree and Multi-agent Games |
552 |
|
|
2 Some Counter-Terrorism Search Games |
553 |
|
|
2.1 The Patrolling Game |
553 |
|
|
2.2 Disperse or Unite |
555 |
|
|
2.3 Finding a Moving Fugitive |
556 |
|
|
2.4 Some Remarks on Multi-agent Search Games |
558 |
|
|
3 Summary |
558 |
|
|
References |
559 |
|
|
Temporal and Spatial Analyses for Large-Scale Cyber Attacks |
561 |
|
|
1 Introduction |
561 |
|
|
2 Intrusion Detection and Alert Correlation |
562 |
|
|
3 Attack Characterization and Prediction |
564 |
|
|
4 Host Clustering and Botnet Detection |
567 |
|
|
5 Coordinated Attacks |
568 |
|
|
6 Spatial and Temporal Analyses for Coordinated Attacks |
571 |
|
|
7 Conclusion |
578 |
|
|
References |
578 |
|