Using graphs for intelligence analysis

Using graphs for intelligence analysis

Using graphs for intelligence analysis

The identification and monitoring of terrorist or criminal networks are imperatives to detect threats and defeat attacks. Let’s see how Linkurious and graph visualizations can help identify and track potential dangerous individuals and networks.

Criminal or terrorist activities are rarely the acts of isolated individuals. Behind these activities we find more or less centralized organizations or networks. Intelligence experts are in charge of identifying every actors of such groups, despite their strategies to hide their connections to the networks (encrypted communication services, numerous middlemen, fake identities, etc). Getting the whole picture of the network is essential to monitor suspect activities, prevent attacks or detected potential threats.

Countering such activities is also about gathering as much information as possible, from any possible sources. The more data intelligence and security organisms are able to obtain, the easier it is to track and anticipate criminal or terrorist activities. This means that analysts and investigators have to handle large sets of heterogeneous data.

Read Also:
The conflict between data science and cybersecurity

Graph analysis is particularly suited to this sort of challenge. Graph databases allow organizations to store and query in near real-time the relationships between billions of entities. Let’s see how these systems, combined to tools like Linkurious, can help intelligence analysts identify and investigate threats.

We will dive into the investigation of a potential terrorism threat and explore how Linkurious can help identify and investigate suspicious networks.

For this purpose, we have created a dataset with fictitious data about people, including addresses, phone numbers and travel information. This data can easily be modeled as a graph:

To keep our analysis understandable we chose a very simple model with only a limited volume of data. An authentic situation will definitely involve larger volumes and a wider range of data types.

Data entities, such as individual, email, phone, are modeled as nodes. Relationships between entities are symbolized with edges, labeled with the nature of the connection. The data then forms a network.

Read Also:
The Reality of Data Management and the Future of Business Intelligence

In our graph model we have five types of nodes: people, countries, addresses and phone numbers, and as many types of edges, or relationships. Let’s start our investigation by trying to detect suspicious patterns in our data.

When dealing with large datasets, we need to find ways to focus the analysts’ attention on relevant information. Here, we want to detect potential terrorist cells. We are going to try to detect groups of at least three people who 1) visited an at-risk country (in our case Syria) and 2) are indirectly in contact (via their addresses or phone communications).

 



Predictive Analytics Innovation summit San Diego
22 Feb

$200 off with code DATA200

Read Also:
The Reality of Data Management and the Future of Business Intelligence
Read Also:
3 Ways to Improve Your Data Analysis for Your Business
Read Also:
Data breach costs exceed 20% of revenue
Big Data Paris 2017
6 Mar
Big Data Paris 2017

15% off with code BDP17-7WDATA

Read Also:
The Reality of Data Management and the Future of Business Intelligence
Read Also:
How Companies Are Turning Data Exhaust Into Cash

Leave a Reply

Your email address will not be published. Required fields are marked *