Using graphs for intelligence analysis

Using graphs for intelligence analysis

Using graphs for intelligence analysis

The identification and monitoring of terrorist or criminal networks are imperatives to detect threats and defeat attacks. Let’s see how Linkurious and graph visualizations can help identify and track potential dangerous individuals and networks.

Criminal or terrorist activities are rarely the acts of isolated individuals. Behind these activities we find more or less centralized organizations or networks. Intelligence experts are in charge of identifying every actors of such groups, despite their strategies to hide their connections to the networks (encrypted communication services, numerous middlemen, fake identities, etc). Getting the whole picture of the network is essential to monitor suspect activities, prevent attacks or detected potential threats.

Countering such activities is also about gathering as much information as possible, from any possible sources. The more data Intelligence and security organisms are able to obtain, the easier it is to track and anticipate criminal or terrorist activities. This means that analysts and investigators have to handle large sets of heterogeneous data.

Read Also:
Open Belgium

Graph analysis is particularly suited to this sort of challenge. Graph databases allow organizations to store and query in near real-time the relationships between billions of entities. Let’s see how these systems, combined to tools like Linkurious, can help intelligence analysts identify and investigate threats.

We will dive into the investigation of a potential terrorism threat and explore how Linkurious can help identify and investigate suspicious networks.

For this purpose, we have created a dataset with fictitious data about people, including addresses, phone numbers and travel information. This data can easily be modeled as a graph:

To keep our analysis understandable we chose a very simple model with only a limited volume of data. An authentic situation will definitely involve larger volumes and a wider range of data types.

Data entities, such as individual, email, phone, are modeled as nodes. Relationships between entities are symbolized with edges, labeled with the nature of the connection. The data then forms a network.

Read Also:
Elastic brings order to its product line with Elastic Stack

In our graph model we have five types of nodes: people, countries, addresses and phone numbers, and as many types of edges, or relationships. Let’s start our investigation by trying to detect suspicious patterns in our data.

When dealing with large datasets, we need to find ways to focus the analysts’ attention on relevant information. Here, we want to detect potential terrorist cells. We are going to try to detect groups of at least three people who 1) visited an at-risk country (in our case Syria) and 2) are indirectly in contact (via their addresses or phone communications).

 



Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
Moving to the Cloud: 3 Ways to Ensure Data Sovereignty

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
Building effective “Citizens Data Scientist” teams

Chief Data Officer Summit San Francisco

7
Jun
2017
Chief Data Officer Summit San Francisco

$200 off with code DATA200

Read Also:
AI, robotics and the future of work
Read Also:
OpenDefra: 8,000+ open datasets released in one year

Customer Analytics Innovation Summit Chicago

7
Jun
2017
Customer Analytics Innovation Summit Chicago

$200 off with code DATA200

Read Also:
When Big Data, IoT and Geospatial Technology Collide

HR & Workforce Analytics Innovation Summit 2017 London

12
Jun
2017
HR & Workforce Analytics Innovation Summit 2017 London

$200 off with code DATA200

Read Also:
OpenDefra: 8,000+ open datasets released in one year

Leave a Reply

Your email address will not be published. Required fields are marked *