Summary
Identifying and profiling threat actors are high-priority tasks for a number of governmental organizations. These threat actors may operate actively, using the Internet to promote propaganda, recruit new members, or exert command and control over their networks. Alternatively, threat actors may operate passively, demonstrating operational security awareness online while using their Internet presence to gather the information they need to pose an offline physical threat. This paper presents a flexible new prototype system that allows analysts to automatically detect, monitor and characterize threat actors and their networks using publicly available information. The proposed prototype system fills a need in the intelligence community for a capability to automate the manual construction and analysis of online threat networks. Leveraging graph sampling approaches, we perform targeted data collection of extremist social media accounts and their networks. We design and incorporate new algorithms for role classification and radicalization detection using insights from the social science literature on extremism. Additionally, we develop and implement analytics to facilitate monitoring of the dynamic social networks over time. The prototype also incorporates several novel machine learning algorithms for threat actor discovery and characterization, such as classification of user posts into discourse categories, user post summaries and gender prediction.