An Evidential Clustering Based Framework for Cyber Terrorist Cells Topology Identification

Abstract

Nowadays, social networks media are heavily used by cyber terrorist organizations to exchange information, and manage their malicious activities. Effective approaches to understand cyber terrorist organizations structures, working strategies, and operation tactics are required to develop security solutions to prevent their activities. Usually, a terrorist organization includes several sub-groups sharing common proprieties. However, the subgroups may differ in their degree of activities and roles. Hence, understating the topology of a terrorist organization and its operations methods is important to develop efficient prevention solutions. In this paper, we discuss the foundation of an approach for detecting cyber terrorist subgroups, as well as its evaluation and efficiency using data on cyber terrorist groups. The approach is based on an evidential clustering method. In fact, objects (known also as network members) within a cyber terrorist group can be classified into various sub-classes, such as military, finance and local leaders committees. Belief functions are used to describe the membership of nodes to clusters (sub-communities). The efficiency of the proposed approach is demonstrated through a set of clustering results, regarding the classification of cyber terrorist actors and the allocation of the appropriate degree to each member of a given class. Experimental results show the efficiency and the accuracy of our CECM based approach not only in classifying cyber terrorist actors into the aforementioned communities, but also in allocating a degree of membership for each member to each sub-class.