DEVELOPMENT OF ENHANCED BAYESIAN MODEL FOR DETECTION OF COVERT MEMBERS IN CRIMINAL NETWORKS USING TELECOMMUNICATION METADATA

ABSTRACT

Crime has become a global challenge in recent times. The phenomenon has become a difficult task that military war-fare approach alone can address effectively without intelligence. Criminal intelligence involves gathering data on criminal activities and participants for preparing deplorable strategies and interventions.  Social  Network  Analysis  (SNA)  offers  supportive  tools  for  analysing  Organised Criminal Groups (OCGs) and identifying important nodes with conspicuous relationship as its priority. SNA-based techniques arrived at key players in criminal network with nodes that have high SNA metric values. Apart from datasets challenge, SNA is a weak scheme for key players in OCGs because conspicuous links raise susceptibility of vibrant participants while silent key actors are concealed. Also, status of key actors in OCGs are unrelated with SNA metrics. Scatter-graph of vulnerability and strategic positions was devised to mitigate unrelatedness of SNA metrics for detection of key players in Criminal Social Network (CSN). The scheme identifies actors that have both high vulnerability and high strategic position values at the same time. This is synonymous to Influence Maximization (IM) – set of nodes that have high influence. Silent key players or legitimate actors in adversary network still remain unresolved. Missing node concept works towards set of nodes not known initially as part of a social criminal group. It has high affinity for well-connected nodes than marginal nodes. Node discovery scheme unravels latent structure behind key players within CSN. The scheme pinched on multiple  sources of data about a criminal group  yet  legitimate actor are not captured. Inference approach offers probability-based prediction for detecting covert nodes yet only well-connected nodes with conspicuous relationships are still identifiable. The development of Enhanced Bayesian Model aimed at predicting key players like financial aiders and ammunition suppliers with evasive attitudes. It was conceived towards inherent problem of erratic behaviour and structural equivalence abating key-players from theoretical graph-based. Bayesian model and Recursive Bayesian Filter (RBF) algorithm were combined to have Enhanced Bayesian Network Model (EnBNM) with RBF to lower error rate and improve prediction. EnBNM scheme re-ranks participant’s attribute by assigning inference  to  nodes base on  conditional  probability of Bayesian  model. EnBNM’s algorithm  was validated using ground truth and SNA-Q model adopted for classifying Criminal Profile Status (CPS). EnBNM was tested using dataset of participants in November 17 Greece revolutionary group – (N’17) and data of participants in September 11 Al-Qaeda terrorist group – (9/11). For N’17 dataset, EBNM detected all alleged and convicted leaders. Additional two actors were detected who had the same CPS with convicted leaders. EnBNM also detected marginal actors; participants with high tendency to evasion. Out of four (4) detected fugitives, two of them belong to the first-generation leadership (G) faction. For 9/11: nine (9) out of nineteen (19) central participants detected by EBNM have the same CPS with convicted leaders. It means that seven (7) more actors are detected as additional key players by EnBNM that previous models did not detect. Six of these actors detected are conspirators. A financial aider to the group was detected among fugitives. The results corroborate that terrorist organisations are self-organised with decentralised key players as a measure to minimize effect of security perturbation. The simulation results showed that the court judgement of the N’17 group was 40% in error as additional two actors were detected by EBNM apart from the three convicted leaders by court. It shows that support of intelligence is highly needed for effective disruption of OCG and terrorism. The EnBNM algorithm also detected over 80% of legitimate actors – less vulnerable participants in the 9/11 terrorist group and has 59.09% accuracy score in detection of conspirators.

CHAPTER ONE

1.0 INTRODUCTION

1.1 Background to the Study

Different parts of the globe have one security challenge or the other in the form of persistent conflicts. Organised crime has become a global phenomenon, represented in a confluence of conflicts from Africa, to the Middle East and the Americas, with distinct linkage response to international terrorism (Interpol, 2018). Consequences of these crimes are on the increase considering the rising number of victims and Internally Displaced People (IDP) (United Nations, 2014; Barnes, 2017). For instance, over 3000 died in the USA September 11, 2001 attacks. Approximately 27,000 lives have been lost to the Boko-Haram insurgency in Nigeria, while money earmarked for containing insecurity are too exorbitant (Tayebi, 2015; Ashby, 2016).

Perpetrators of various heinous crimes are described as dark networks or criminal organisations (Morselli, 2009; Manning, 2010; Brunetto et al., 2016). Dark networks are known to be the interconnection of individuals or Organised Crime Groups (OCGs) (Malm & Bichler, 2011). The interconnections among members of criminal groups had been identified as factors responsible for resilience of criminal organisations (Behzadan, 2016; Salvatore  et  al.,  2016).  It  has  also  been  observed  that  conventional  military warfare approaches are becoming ineffective for combating criminal organisations without incorporation and support of intelligence about criminal organisations (Malm & Bichler, 2011; Minor, 2012; Gunnell et al., 2016).

Social Network Analysis (SNA) is found supportive to criminal intelligence investigations (Keller, 2015; Jones et al., 2018). It was initially designed as a model for describing various relationships, ties, and transactions among members of organisations (Le, 2012; Molinero et al., 2018). It has become a method for rendering solutions for complex related systems (Basu, 2014). Some academia advocate for incorporation of SNA into criminal investigation(Sparrow, 1991; Kreb, 2002).This had been intensified in some recent works (Brunetto et al., 2016; Bright et al., 2017; Grassi et al., 2019).

However, some  works  have identified  the inadequacy of SNA.  Karthika and  Bose (2011) considered SNA as inappropriate data mining techniques for criminal networks. It was stated that SNA only discovers patterns from the known structures and not from the hidden structure like terrorist networks. Kitsak et al. (2010) observed that the best spreaders or influencers are not necessary being the most highly connected or central node. Husslage et al. (2012) opined that the Flat Organisational Structure (FOS) and leaderless principle imbibed by criminal organisations constituted factors that conceal high-profile criminals and affiliates. This suggests that functional covert networks do not have a high distinction between the centrality of the individuals, that is, they are leaderless.

Borgatti (2006) provided definitions of the Key Player Problem (KPP). It is a crystal clear concept that dislodges SNA metrics capacities in identifying all key players within a social network (Ortiz-arroyo, 2010).

Ozgul revealed different topologies on terrorist organisations based on their formations from literature (Ozgul, 2016). The work stresses that variation in terrorist topologies plays an essential role in the positions of most members who play key roles. Terrorist groups are resilience because critical players who are vital to the organisations’ existence and recuperations are missed or evade detection. Eiselt and Bhadury (2015) identified dynamic positions of key players as one carried out through manipulating conversation. The manipulation pave way for important members to look like unimportant actors while less important members look like prominent ones. In short, manipulation has potential of distracting attention of detectives from real vital players.

Positions of participants in social networks are dynamic. This has also attracted the attention of  academia  and  criminal  investigators  by devising  techniques  for  mining  high-profile criminals from decentralized and dynamic networks. Dynamic relationships exist among participants in OCGs. Study and adopting common topological analysis are becoming inadequate   strategies   for   disrupting   criminal   network   because   relationships   among syndicates are absurd. Yao explores dynamic network to identify hidden relationships (Yao et al., 2016). Basaras et al. (2017) developed a technique that supports a dynamic network. The development of dynamic centrality metrics provides alternative to address dynamicity in a complex network (Yao et al., 2016; Huang & Yu, 2017).

Dynamism in social network is more connected to rumour spreading, computer virus attack and human infection disease than criminal network organisations (Basaras, 2013). It is about identifying influential spreader and spreading capacity of actors; that is actors capable of infent other actors or transmit infectious diseases. This is an attribute that high-profile and affiliate key players to terrorist groups might not be bound to (Liu et al., 2016; Zhang et al., 2016; Wang et al., 2017).

Data  is  becoming  prominent  for  developing  preventive  strategies  against  incessant crimes orchestrated by OCG (Ashby, 2016). Preventive strategies are meant to find either long term or short-term measures to forestall future reoccurrence (Maeno & Ohsawa, 2007a). Such mechanism lowers confrontations between security agencies and foot soldier terrorists. It offers law enforcement agencies ample time to study members in the data and to identify hidden members – especially those that are more pertinent to the existence of the organisation.

Analysing crime data is one of strategies for obtaining criminal intelligence to support conventional  warfare  approaches.  Crime  data  contain  various  information  about criminal activities including covert member those that overt members work for (Hulst, 2009). There is more potential to identify high-profile criminals within an OCG through analysing their crime data than in the warfare confrontation which they hardly participated (Ismail et al., 2017). Crime data have fundamental challenges related to sources and reliability (Berlusconi, 2013).

Data sources and reliability dominated the notion on data defectiveness. These have potential of influencing network structures of participants. The principal suspect is that defective  data  conceal  influential  participants  and  affiliates  (Butt  et  al.,  2014; Berlusconi et al., 2016). Objectively, defectiveness is generic and inevitable on any data. For crime data, it connotes omission of inconspicuous relationships or missing links (Kossinets, 2006;Parisi et al., 2018). It also denotes exclusion of some participants called missing nodes (Maeno, 2007, Eyal et al., 2011; Sina et al., 2013). The two insinuations – omission of relationships and high-profile participants undermine the efficiency of security intervention and intelligence (Duijn et al., 2014).

This research aimed at using telecommunication metadata of a terrorist or militant group as a reliable, formidable and robust data for tackling data defectiveness. Gunnell (2016) presents different classes of grading police intelligence data. The ubiquitous use of mobile phones was identified as a reliable source for crime data (Varese, 2013; Basu, 2014). Telecommunication metadata as underlying information, contain blueprint on activities of mobile phone users. It is regarded as the best for predicting behaviours of mobile phone users as well as to replicate individuals with respects to social relations be it in groups, online or offline transactions(Campana & Varese, 2012; Butt et al., 2014; Ferrara et al., 2014).

Besides, huge data are produced daily from the use of mobile phones which should be used by security operatives in fighting terrorism and other crimes. Unfortunately, majority of researches caried out on terrorism make use of open-source data. A number of research done on the 9/11 attacks also made use of open source data (Kreb, 2002; Levi, 2007; Eilstrup-Sangiovanni & Jones, 2008; Course & Hill, 2014). Data about phone users participating in various criminal activities can be extracted from telecommunication gadget(Memon et al., 2011; Ferrara et al., 2014; Onwuka; et al., 2016).

Telecommunication metadata is a collection of recorded information about phone-user such as location, altitude, time of call and duration of calls. These contain useful tips to identify phone users participating in illegal activities and to prepare adequate interventions. Thus, detection of high-profile criminals not well known to security agencies could be tracked from telecommunication metadata, and it can aid security efforts towards combating criminal organisation resilience.

Access to intelligence data alone is not sufficient to tackle the problem of critical players; as knowledge of theoretical graph and conception analysis are also inadequate to solve it. Hulst (2009) opined that SNA is a promising tool needed by law enforcement agencies. Specific methodological problems associated with criminal intelligence data and lack of experience with SNA applications hampered researcher’s ability to improve knowledge   of   organised   crime   and   terrorism.   Key   players   in   terrorism   have contravening attributes to that of influential actors in the open organisations – none criminal organisations (Ismail et al., 2017).

Lampe  (2009)  proposed  two  features  for  identifying  prominent  members of  adversary networks. The features are human capital and social capital attributes. The human capital attribute is to supplement social capital attribute of criminal actors. The social capital attributes are obtainable through SNA metrics (Bright et al., 2015). Methods for identifying human capital attributes are rare in literature, but it had been cajoled through SNA illustrated in (Gunnell et al., 2016; Malm et al., 2016; Bichler et al., 2017).

Data defectiveness is a hindrance to detection of covert nodes. Telecommunication metadata has no information directly related to human capital attribute that that is, personal attributes of mobile phone users. This is part of missing information in telecommunication metadata. Covert members as used in this research denote affiliates, high-profile collaborators or co-offenders inside a dataset of terrorist groups. It is highly challenging to identify these set of participants by SNA tool because they always lie low.  These  are set  of  participators  who  engage with  OCGs  through  inconspicuous relationships. Hardly noticeable by criminal investigators as key players. This is also affecting significance covert members from detective techniques. Real-life social status of the affiliate criminals submerges their status making covert members becoming unnoticed as key players.

1.2 Statement of the Research Problem

The problem of insecurity confronting the world is emanating as persistent-conflict. Its intermittent nature and sporadic occurrence indict the current security operative approach as ineffective  in  bringing  it  under  total  control  or  complete  eradication  (Manning,  2010; Ferrara et al., 2014). This is because the conventional approach is after overt members of a criminal group who execute organisation’s agenda. But conventional approach is not after hidden members whose roles are not exposed to public and security agents (Bright, 2015). The activities of hidden members, otherwise known as covert members, are pertinent to the existence and recuperation of the criminal group whenever overt members are eliminated. Covert members enjoy secrecy on their identity because relationships with overt members are not easy to establish due to covert ways of communications (Butt et al., 2014). Also, social networks of participants, hide hierarchies of the members due to flat organisational structure (Chatterjee, 2005; Clauset et al., 2008) and leaderless principle they imbibe (Husslage et al., 2012). The problem now is how the covert members (covert nodes in a network) of a criminal group can be identified by inference from social networks of overt members; this is a missing node problem.

1.3 Aim and Objectives of the Study

This research work aims to develop enhanced Bayesian network-based algorithm for detecting  covert  members  of  a  criminal  group  using  mobile  telecommunication metadata. The objectives for achieving this aim are set as follows:

(i)     To develop a Bayesian model for covert node detection.

(ii)     To develop an algorithm for covert node detection based on the model developed in (i) above

(iii)    To evaluate the performance of the developed algorithm using network attributes of criminal’s mobile phone call metadata,

(iv)   To use SNA – Quadrant model for validation of nodes detected in (iii) above, and

(v)    To compare the algorithm with the existing covert node detection algorithms.

1.4 Significance of the Study

This work will be beneficiary to individuals, groups and nations. The work is to complement security agents’ intervention and provide adequate intelligence to fight crimes or persistent conflicts. The proposed approach is to identify covert members in a criminal organisation; those making criminal groups become resilient. Identifying those covert members can lead to successful disruption of OCGs.

This approach will facilitate and promote socio-economic stability of society, as it will expose key actors behind persistent conflicts. With this approach, less resources and security personnel will be effective for disrupting OCGs. This will definitely cut down the security votes.

1.5 Scope and Limitation of Study

Criminal organisations are regarded as complex systems. Relationships among participants in communication networks are also complex. With the concept of complexity, the following scopes, assumptions and limitations are put into consideration in  this  thesis.  This  work  considered  OCGs  in  general  but  streamline  the  target  to terrorist groups.

(i)        Telecommunication data of terrorist groups are intended for evaluation.

(ii)       Participants are presumably bounded in telecommunication metadata;

(iii)       The selected attributes are those defined in literature, that also related to features of salient criminals especially key players in OCGs.

(iv)      Development of enhanced Bayesian model was made to infer the salient actors.

(v)        The implementation and testing of the models are limited to the advanced laboratory-scale testbed.

1.6 Thesis Organisation

This work is divided into five chapters; chapter one presents an overview of criminal organisations as organised crime groups orchestrating persistent conflict. Factors preventing security agency from annihilating OCGs were mentioned. Also, the contents of chapter one includes the problem statement, aim and objectives, significance as well as scope and limitation.

Chapter Two starts with overview. It opens discussion on organisational structure and typologies of social networks. Impacts of the dark organisations are briefly enumerated to substantiate the need for this research. A section of the chapter discusses various techniques, models and algorithms for detection of key players. Sources of data, dynamism concepts related to criminal organisation structure; strategic position, vulnerability, network disruption and resilience were reviewed. A detailed review of related works on key players attributes, as well as techniques for identification and prediction of covert members from covert social networks or dark networks were presented. Chapter Two was concluded with a summary of the research gaps this work addressed.

Chapter three focuses on development of proposed methodology to address part of research  gaps  identified  in  the reviewed  works.  It  shows  steps  towards  actualising Enhanced Bayesian Network Model (EnBNM) for prediction of covert nodes. It also presents modality for identifying profiles of relevant participants in OCGs using SNA – Quadrant (SNA-Q). The SNA-Q serves a validation tool. Roles and contribution of participants in a criminal network are projected on four criminal profiles: Q1 to Q4. All metrics for evaluating the performance were obtained from social networks of criminal groups.

Chapter Four presents results of EnBNM algorithm and its performance on two criinal datasets of N’17 revolutionary group and 9/11 dataset of a faction of Al-Qaeda terrorist group. Results of SNA-Q algorithm validate EnBNM detection. Comparative analysis of EnBNM was done with existing entropy variation algorithm Finally, chapter Five concludes this thesis, with review on aim and objectives achieved, the contribution of the study to knowledge and recommendation for future works.

₦15,000.00 – DOWNLOAD FULL PROJECT DOWNLOAD FULL PROJECT Added to cart

---

---

---

---

Related Project Topics :