In the shadow of silence: Modelling missing data in the dark networks of crime and terrorists
- Research Article
1
- 10.1007/s13278-018-0487-0
- Mar 3, 2018
- Social Network Analysis and Mining
Dark networks, which describe networks with covert entities and connections such as those representing illegal activities, are of great interest to intelligence analysts. However, before studying such a network, one must first collect appropriate network data. Collecting accurate network data in such a setting is a challenging task, as data collectors will make inferences, which may be incorrect, based on available intelligence data, which may itself be misleading. In this paper, we consider the problem of how to effectively sample dark networks, in which sampling queries may return incorrect information, with the specific goal of locating people of interest. We present RedLearn and RedLearnRS, two algorithms for crawling dark networks with the goal of maximizing the identification of nodes of interest, given a limited sampling budget. RedLearn assumes that a query on a node can accurately return whether a node represents a person of interest, while RedLearnRS dispenses with that assumption. We consider realistic error scenarios, which describe how individuals in a dark network may attempt to conceal their connections. We evaluate and present results on several real-world networks, including dark networks, as well as various synthetic dark network structures proposed in the criminology literature. Our analysis shows that RedLearn and RedLearnRS meet or outperform other sampling strategies.
- Research Article
26
- 10.1080/19434472.2012.725225
- May 1, 2013
- Behavioral Sciences of Terrorism and Political Aggression
To date, most social network analyses (SNAs) of terrorist groups have used network data that provide snap-shots of the groups at a single point in time. Seldom have they used network data that take into account how the groups have changed over time. In this article, a unique longitudinal network data set, the Noordin Top terrorist network from 2001 to 2010, is examined in order to explore whether a recently developed method – social network change detection (SNCD) – can help analysts monitor a dark network's topography (e.g. centralization, density, degree of fragmentation) in order to detect significant changes in its structure and identify possible causes. The application of change detection to this historical data set illustrates the method's potential usefulness, including its ability to detect significant changes in the network in response to a series of exogenous factors, such as the acquisition of bombing materials, the capture of key leaders and groups, and the death of Noordin himself. The method's inability to detect other significant events, however, highlights important limitations when working with it. While SNCD should not be the only method analysts have at their disposal, the results detailed in this article suggest that it should be included in their toolkit.
- Research Article
14
- 10.1080/19434472.2012.731696
- May 1, 2013
- Behavioral Sciences of Terrorism and Political Aggression
Social network analysis (SNA) conclusions are drawn on terrorist and dark network data sets that may provide erroneous results due to an indeterminate amount of missing data or data corruption. Compounding these effects, information sources reporting on terrorist groups and other dark network organizations may intentionally or unintentionally provide false data. These introduced errors may be significant as they could produce analytic results that are counter to the true situation, leading to misappropriation of resources, improper strategy adoption, and erroneous actions. Analyst cognizance of the causes of imperfect social network data, the importance of proper boundary specification, biases introduced via the employed data collection methods, and characteristics of social network information sources, particularly inherent informant accuracy assumptions, are necessary for SNA analysts to ascertain the resultant social network model's limitations and the inferences that can properly be drawn from the analysis. Specific to investigating terrorist groups and dark networks, trusted and deceptive social network information sources are introduced.
- Book Chapter
- 10.1332/policypress/9781529232035.003.0012
- Apr 30, 2024
Social network analysis (SNA) is an approach concerned with analysing networks of relations and interactions among a defined set of actors. In recent years, SNA has become known as a useful tool for analysing a wide range of criminal networks, including networks of serious financial crime. However, using SNA in the study of crime is hindered by the aim of actors involved in these to conceal their interactions, making data collection complicated. These complications stem from issues with data availability, validity and reliability. To tackle these issues, we first introduce a framework for thinking about six aspects of network data collection: nodes, ties, attributes, levels, dynamics and context. In the light of this framework, we subsequently review three types of data sources usable for analysing financial crime networks in the context of the United Kingdom. These data sources are documents accompanying Deferred Prosecution Agreements, enforcement case files and commercial transaction data. We illustrate the contents of each of these data sources together with their potential for extracting network data and the types of conclusions that can be drawn through analysing them. These data sources share common problems in being of a secondary non-scientific nature and being prone to contain missing information. In conclusion, we illustrate further uses of SNA and possible extensions of the introduced data sources to other types of criminal networks and jurisdictions beyond the United Kingdom.
- Research Article
77
- 10.21307/joss-2019-030
- Jan 1, 2011
- Journal of Social Structure
Our goal in this paper is to explore two generic approaches to disrupting dark networks: kinetic and non-kinetic. The kinetic approach involves aggressive and offensive measures to eliminate or capture network members and their supporters, while the non-kinetic approach involves the use of subtle, non-coercive means for combating dark networks. Two strategies derive from the kinetic approach: Targeting and Capacity-building. Four strategies derive from the non-kinetic approach: Institution-Building, Psychological Operations, Information Operations and Rehabilitation. We use network data from Noordin Top’s South East Asian terror network to illustrate how both kinetic and non-kinetic strategies could be pursued depending on a commander’s intent. Using this strategic framework as a backdrop, we strongly advise the use of SNA metrics in developing alternative counter-terrorism strategies that are context-dependent rather than letting SNA metrics define and drive a particular strategy.
- Book Chapter
1
- 10.1007/978-981-16-4258-6_165
- Jan 1, 2022
Nowadays, the application of the Internet is more and more extensive, but also exposed many problems. Network attacks are gradually penetrating into all kinds of network terminals, and the attack means are more and more sophisticated and covert. Network paralysis, data and user information leakage and other security problems are increasingly prominent. The increasingly dangerous network security situation brings new challenges to the traditional single point and single source security defense system. At the same time, the network crime has caused more and more losses to the personal and property safety of the state, enterprises and citizens. Network security has become the most concerned problem of citizens. In order to clarify the influence of different factors on computer network security, construct effective solutions, and create a more secure environment for the development and expansion of network information technology, this paper analyzes the factors affecting computer network information security based on genetic algorithm, and proposes a BP neural network algorithm based on genetic algorithm optimization, which is used in network security optimization. The experimental results show that the accuracy of BP neural network algorithm optimized by genetic algorithm is as high as 86.5%. The combination of genetic algorithm and neural network can effectively improve the reliability of the network. Keywords: Genetic algorithm; Computer; Network security; Application research
- Conference Article
3
- 10.1145/3148453.3306250
- Dec 7, 2018
In the era of big data, the amount of information on dark network resources has exploded. Massive dark network data contain abundant information. To detect dark network resources and obtain dark network information, in-depth understanding of the dark network is a prerequisite. However, due to the high anonymity of dark network, it is usually difficult to be found by traditional search engines. Users need to register strictly and use specific tools to log in dynamically. In this paper, we explore the simulation of dark network scene in the big data environment. The Tor network is built on the openstack platform, which simulates the dark network scene. By using wireshark software to analyze network traffic, and using nmon tool to analyze network performance, the results show that the dark network scene can be simulated realistically.
- Research Article
1
- 10.32629/jai.v7i4.1272
- Feb 5, 2024
- Journal of Autonomous Intelligence
In today’s digitally saturated world, digital devices are frequently involved in criminal events as targets, mediums, or witnesses. Forensic investigations encompass the collection, recovery, analysis, and presentation of information stored on network devices, with specific relevance to network crimes. Such investigations often necessitate the use of diverse analysis tools and methods. This study introduces techniques that support digital investigators in correlating and presenting information derived from forensic data, with a primary focus on packet sniffing, network forensics, and attack detection. By leveraging these methodologies, investigators aim to achieve more valuable reconstructions of events or actions, resulting in enhanced case conclusions. The study emphasizes the importance of understanding how malware operates within the context of the Internet. It explores packet sniffing techniques to capture and analyze network data, enabling investigators to detect and trace the origins of malicious activities. Additionally, it delves into the realm of network forensics, proposing effective methods for gathering evidence from network devices and reconstructing digital events. Furthermore, the study covers the significance of attack detection in network crime investigations. It highlights techniques to identify and analyze attack patterns, facilitating the identification of perpetrators and their motivations. By correlating information obtained from forensic data, investigators can obtain comprehensive insights into the nature and impacts of network crimes. Overall, this study aims to arm digital investigators with the knowledge and tools necessary to navigate the complexities of packet sniffing, network forensics, and attack detection. By incorporating these techniques into their investigations, investigators can achieve more robust reconstructions of events, draw well-informed conclusions, and contribute to the successful resolution of network crime cases.
- Research Article
54
- 10.1371/journal.pone.0119309
- Mar 16, 2015
- PLOS ONE
The field of social network analysis has received increasing attention during the past decades and has been used to tackle a variety of research questions, from prevention of sexually transmitted diseases to humanitarian relief operations. In particular, social network analyses are becoming an important component in studies of criminal networks and in criminal intelligence analysis. At the same time, intelligence analyses and assessments have become a vital component of modern approaches in policing, with policy implications for crime prevention, especially in the fight against organized crime. In this study, we have a unique opportunity to examine one specific Swedish street gang with three different datasets. These datasets are the most common information sources in studies of criminal networks: intelligence, surveillance and co-offending data. We use the data sources to build networks, and compare them by computing distance, centrality, and clustering measures. This study shows the complexity factor by which different data sources about the same object of study have a fundamental impact on the results. The same individuals have different importance ranking depending on the dataset and measure. Consequently, the data source plays a vital role in grasping the complexity of the phenomenon under study. Researchers, policy makers, and practitioners should therefore pay greater attention to the biases affecting the sources of the analysis, and be cautious when drawing conclusions based on intelligence assessments and limited network data. This study contributes to strengthening social network analysis as a reliable tool for understanding and analyzing criminality and criminal networks.
- Research Article
- 10.1007/s13278-025-01506-y
- Jul 26, 2025
- Social Network Analysis and Mining
Understanding the structure and resilience of organized crime groups like mafias is critical for designing strategies to disrupt their operations. This paper proposes a new protocol – proxy targeting – for network disruption analyses. By separating the targeting of nodes and their removal from the network of interest, this approach allows researchers to consider multiple dimensions in a multiplex network simultaneously, as well as the sort of information available to law enforcement in the early stages of an investigation rather than complete knowledge of the network. Multiplex network data is collected from a pre-trial detention notice and the Italian business register on an 'Ndrangheta group as its members and associates sought to infiltrate legitimate businesses. Using the newly-developed proxy targeting approach, results suggest that open-source business registers can be an effective, low-cost, and easy-to-access network data source for targeting surveillance and disruption of corporate interlock dimensions that represent which actors are affiliated to the same company together; however, these data are less successful for targeting disruption of the communication dimension between actors. Further, findings suggest that multiplexity can reinforce a network’s resilience against disruption by providing fallback connectivity in the event that one dimension is destabilized. The proxy targeting protocol proposed here creates opportunities to answer new questions and to better understand how criminal networks are structured and how they can be disrupted.
- Research Article
104
- 10.1002/pam.20619
- Oct 24, 2011
- Journal of Policy Analysis and Management
A crucial contemporary policy question for governments across the globe is how to cope with international crime and terrorist networks. Many such “dark” networks—that is, networks that operate covertly and illegally—display a remarkable level of resilience when faced with shocks and attacks. Based on an in‐depth study of three cases (MK, the armed wing of the African National Congress in South Africa during apartheid; FARC, the Marxist guerrilla movement in Colombia; and the Liberation Tigers of Tamil Eelam, LTTE, in Sri Lanka), we present a set of propositions to outline how shocks impact dark network characteristics (resources and legitimacy) and networked capabilities (replacing actors, linkages, balancing integration and differentiation) and how these in turn affect a dark network's resilience over time. We discuss the implications of our findings for policymakers. © 2011 by the Association for Public Policy Analysis and Management.
- Conference Article
7
- 10.1145/3379247.3379272
- Jan 4, 2020
Due to its anonymity and non-traceability, it is very difficult to research websites on the dark network. The research of the dark network is very important for our network security. Now there is very little data for studying the dark network, so we independently developed a dark web crawler that runs automatically. This article will detail the implementation process of our dark web crawler and the data analysis process of crawled data. Currently, we can use crawled data to detect if multiple urls belong to the same site. We can use data to extract features of similar websites and we have generated an ever-increasing data set that can be used for simple website classification. We use the crawled data as a categorical dataset to categorize newly discovered urls. When we get a certain number of new urls, we crawl again and the crawled data will be added to the previous data set. After multiple rounds of crawling, our data sets will be more and more abundant. Through our approach, we can solve the problem that the dark network data is small, researchers can use our method to get enough data to study all aspects of the dark network.
- Research Article
56
- 10.1007/s10611-006-9033-5
- Oct 20, 2006
- Crime, Law and Social Change
The concept of network is fast becoming ubiquitous. Its broad appeal lies in its ability to account for the present multiplicity of institutional, organizational, and social morphologies. Networks promise to absorb, recombine, and merge the two dominant and competing forms of social organization (the bureaucratic hierarchy and the market) into a third one that would transcend the proclaimed obsolescence of bureaucracies (see for example Osborne and Gaebler, 1992) or the excesses of the market. Crime or dark networks (Raab and Milward, 2003) and their real level of (dis)organization have been studied for a number of years (Naylor, 2002; Morselli, 2005 and in this issue), but the 9/11 events and the failures of the vertical-hierarchical bureaucratic forms of security delivery they highlighted provided an audience to those advocating flatter and more flexible law enforcement assemblages (Williams, 1994; Arquilla and Ronfeld, 2001).
- Research Article
- 10.7494/csci.2025.26.2.6450
- Jul 1, 2025
- Computer Science
The amount of information shared amongst different devices and the variety of novel methods of network crimes have exponentially increased in recent years because of the widespread use of the internet. Quick identification of all types of attacks would not be possible with conventional methods including firewalls, which focused on data filtering. Dealing with the timely recognition of these types of assaults is very successful for intrusion detection systems (IDS) grounded on ML algorithms. They can efficiently manage the enormous amount of data in order to identify any harmful behaviour. Every network activity is searched for any possibly dangerous activity using IDS based on machine learning. The main objective of the planned effort is to provide analytical analyses of such current intrusion detection systems. Furthermore, examined in this work are the useful data sets and several techniques already in use to develop an effective IDS using single, hybrid, and ensemble machine learning algorithms. The approaches in the literature have then been investigated under several criteria in line to provide a clear road and direction for the next projects that will be successful. Nowadays, companies of all kinds include an intrusion detection system (IDS), which inhibits cybercrime to protect the network, resources, and private data. Many strategies have been suggested and implemented up till now to prevent uncivil behaviour. Since machine learning (ML) approaches are successful, the proposed approach applied several ML models for the intrusion detection system. The CIC IOT 2023 Dataset is the one applied in this paper. Tested were several techniques including random forest, XG Boost, logistic regression, MLP model, and RNN. Following fine-tuning, the federated learning model using neural networks had the best accuracy—99.84%.
- Research Article
1
- 10.1088/1742-6596/1533/4/042067
- Apr 1, 2020
- Journal of Physics: Conference Series
As the rapid development of the Internet and the wide application of big data technology, it has spawned a large number of network users. The free dissemination of various kinds of information has gained new development, but it has also given rise to many new conflicts and problems. This paper is mainly based on the current network information dissemination which has three characteristics: first, the information spreads highly effective and freely; second, the information is difficult to judge the authenticity; third, it is related to the netizens’ privacy. That explains the era of big data network information dissemination facing all kinds of legal risk, which involves the citizens’ rights are violated, and the network crime is increasingly serious, legal issues, such as national information security threats, thus put forward to perfect the relevant legal system, strengthen government guide, suggest improving the social regulation.