The identification and monitoring of terrorist or criminal networks are imperatives to detect threats and defeat attacks. Let’s see how Linkurious and graph visualizations can help identify and track potential dangerous individuals and networks.
Criminal or terrorist activities are rarely the acts of isolated individuals. Behind these activities we find more or less centralized organizations or networks. Intelligence experts are in charge of identifying every actors of such groups, despite their strategies to hide their connections to the networks (encrypted communication services, numerous middlemen, fake identities, etc). Getting the whole picture of the network is essential to monitor suspect activities, prevent attacks or detected potential threats.
Countering such activities is also about gathering as much information as possible, from any possible sources. The more data intelligence and security organisms are able to obtain, the easier it is to track and anticipate criminal or terrorist activities. This means that analysts and investigators have to handle large sets of heterogeneous data.
Graph analysis is particularly suited to this sort of challenge. Graph databases allow organizations to store and query in near real-time the relationships between billions of entities. Let’s see how these systems, combined to tools like Linkurious, can help intelligence analysts identify and investigate threats.
We will dive into the investigation of a potential terrorism threat and explore how Linkurious can help identify and investigate suspicious networks.
For this purpose, we have created a dataset with fictitious data about people, including addresses, phone numbers and travel information. This data can easily be modeled as a graph:
To keep our analysis understandable we chose a very simple model with only a limited volume of data. An authentic situation will definitely involve larger volumes and a wider range of data types.
Data entities, such as individual, email, phone, are modeled as nodes. Relationships between entities are symbolized with edges, labeled with the nature of the connection. The data then forms a network.
In our graph model we have five types of nodes: people, countries, addresses and phone numbers, and as many types of edges, or relationships. Let’s start our investigation by trying to detect suspicious patterns in our data.
When dealing with large datasets, we need to find ways to focus the analysts’ attention on relevant information. Here, we want to detect potential terrorist cells. We are going to try to detect groups of at least three people who 1) visited an at-risk country (in our case Syria) and 2) are indirectly in contact (via their addresses or phone communications).