Networks and Terrorism CASOS Projects

Arab Spring and Beyond
A mixed-methods, multi-modeling approach is used to support theory development, testing, and model validation. The methods include detailed ethnographic analysis; text analysis, in which text mining with Latent Dirichlet Allocation techniques is used for topic identification and cosine analysis for similarity among topics; and geo-statistics, dynamic network analytics and visual analytics for reasoning about the extracted data. (Kathleen M. Carley, PI)

AutoMap
AutoMap is software for computer-assisted Network Text Analysis (NTA). NTA encodes the links among words in a text and constructs a network of the linked words. AutoMap subsumes classical Content Analysis by analyzing the existence, frequencies, and covariance of terms and themes. (Kathleen M. Carley, PI).

BioWar
A project to develop a city-scale multi-agent network model of weaponized chemical and biological attacks at the city level. The current system enables evaluation of syndromic surveillance approaches for early detection and estimation of change in death rate for diverse types of attacks on 5 major US cities. In BioWar, 62 diseases, including multiple weaponized diseases such as Anthrax and Smallpox, have been modeled. (Kathleen M. Carley, PI). This work supports a Ph.D. project on large-scale simulation and automated validation by Alex Yahja (chair Kathleen M. Carley).

CORES
Complex Organizational Reasoning System. This project supports the Ph.D. work of Robert Behrman (Kathleen M. Carley, PI)

Cyber Resiliency
The Cyber Resiliency project aims to develop new theory and application of network analysis (also known as network science) to the requirement that information-technology (IT) enabled organizations be able to continue to function with their enabling IT degraded. The project will use both generalized organizations and empirical organizations modeled via a text-mining, data-to-model (D2M) process as the source of organizations to study. (Kathleen M. Carley, PI)

Dynamic Network Analysis
Estimating the information content and robustness of statistical measures of network properties under varying levels of information assurance for static and dynamic networks. Both missing and fabricated information about personnel and the links among them are being examined (Kathleen M. Carley, PI).

DyNet
A computational tool for estimating the impact of various destabilization strategies (including both information warfare and individual isolation) on dynamic evolving covert networks under varying levels of information assurance (Kathleen M. Carley, PI).

Event Detection from Twitter Using Hierarchical Bayesian Models
In this project we proposed a probabilistic graphical model to discover latent events that are clustered in the spatial, temporal and lexical dimensions. Both the qualitative and the quantitative analysis we present justified our model on a large Twitter data set. Results show that our model improved over baseline approaches on a variety of prediction tasks. These qualitative efforts show that our work can be used in a variety of application areas where event extraction and location/time prediction of social media data are of interest, such as the detection of protests and demonstrations as shown here, but also in detecting, for example, important local sporting events that may be relevant to different users. This project supports the Ph.D. work of Wei Wei (Kathleen M. Carley, PI)

Geo-temporal Characterization of Security Threats
In this project, we built statistical models that explain the international variation in the number of attacks encountered and hosted. I used the Symantec Intrusion Prevention System (IPS) telemetry data and Symantec Anti-Virus (AV) telemetry data, both collected from more than 10 million Symantec customer computers worldwide, and combined that data with an attack description database that we built based on Symantec online attack descriptions. The IPS data mainly cover network-based attacks (web attacks, fake applications, and exploits), while the AV data mainly cover malware (trojans, viruses, and worms). This project supports the Ph.D. work of Ghita Mezzour (Kathleen M. Carley, PI)

Insider Threat
Conducted with the CERT division of the Software Engineering Institute (SEI). (Kathleen M. Carley, PI)

Linking Social and Communication Networks
The goal of the communications project is to understand the nature of communication: within a social communication network, within a computer communication network, within a telecommunication network, and in the integration of all networks. (Kathleen M. Carley, PI)

NetEst
A desktop computer investigative tool that estimates the size and structure of networked and cellular organizations from disparate data sources. (Kathleen M. Carley, PI).

NetWatch
A multi-agent network tool for dynamic wargaming of both the red and blue teams, in which teams are formed of one or more agencies of agents with varying information gathering and processing capabilities. (Kathleen M. Carley, PI).

Online Extremist Community Detection
Although community detection and covert network detection methods offer ways to identify these groups, they often lack the precision required to use them operationally or do not provide the computational scalability to detect these relatively small groups embedded in large social networks. Effectively combating these threat-group-supporting online communities requires new methodologies to detect them and identify key users and roles. This project supports the Ph.D. work of Matthew Benigni (Kathleen M. Carley, PI)

ORA-LITE
ORA is a risk assessment tool for locating individuals or groups that are potential risks given social, knowledge and task network information. Essentially, first you use information about people to "connect the dots." Then, ORA examines this network and finds those dots, those people, who represent a risk to the overall system. (Kathleen M. Carley, PI).

Remote Detection of Emerging WMD Threats
We find that there are four broad profiles of countries: countries that invest heavily across all three technologies, countries that are invested in nuclear and cyber capability, countries that are solely invested in biological capability, and countries that are not invested in the three capabilities. These profiles provide a more holistic view of the threat landscape for policymakers. This project supports the Ph.D. work of Ghita Mezzour (Kathleen M. Carley, PI)

VISTA
A multi-agent tool that intelligence analysts can use to visualize the sudden, non-linear, emergent events, including attacks on the critical infrastructure, that can characterize asymmetric threat operations in urban settings. This project supports the Ph.D. work of Marcus Louie (Kathleen M. Carley, PI).