Estimating Vulnerabilities in Large Covert NetworksOrgAhead – multi-agent network model of...

June 2004

Estimating Vulnerabilities in Large Covert Networks

Kathleen M. [email protected]

412 268 6016

June 2004 © Kathleen M. Carley – CMU ISRI CASOS

Overview

Network profiles of terrorist organizationsAl-Quaeda HamasData derived both qualitatively and quantitatively

Computational simulation of large-scale dynamic social networks

Meta-Matrix modelORA AnalysisDyNet simulation system

Performance of simulation tools on covert networks


DyNetML

ORAStatistical analysis

of dynamic networks

AutoMapAutomated

extraction of network from texts

DyNetSimulation of

dynamic networks

Extended Meta-Matrix Ontology

TEXT:

Thesaurus

Delete List

Capability and interoperability of suite of tools.

Network-Vis Network-VisNetwork-Vis

TEXT:TEXT:TEXT:

Report on comparison and analysis of networks

described in texts

Sub-group andtopology

identification

Vulnerabilityanalysis

Key actor, roleact identification

Impact assessmentof change tactic

or evolution

Unified Database


Text Analysis Approach

al QaedaSeveral thousand articles, web pages, etc.BooksData collected automatically and by hand

HamasSeveral hundred articlesData collected automatically and by hand


Profile: Al-Qaeda

Built to maximize secrecy and securityInformation partitioning between cellsNode and link redundancyCellular structures

Small, densely connected cellsLittle interconnect between cells

Inter-cell connections are often dormant and only activated on the as-needed basis

Cells are expendable – minimizing the impact of a cell removalCell leaders are more knowledgeable then other membersCell members have distributed knowledgeCells are largely self-sufficient

Absorbs local insurgencies as operational cellsCentral command structure is a 2-level hierarchy (Bin Laden and a group of top officers)Regional structures differ; most prevalent are cellular organizations


Profile: Hamas

Hierarchical Command and Control structureDivided into functional “services”, regionally distributed

“Political Wing” (based in Syria)Infrastructure (local and international)

Social Support Infrastructure (Schools, hospitals, etc)Fundraising, financeWeapons procurementReligious activities

“Military Wing”Popular Uprising (organizes protests and local resistance)Internal Security (Jihad Amman)Suicide BombersAzzeddin Al-Quassam

Professional military wingTrains and supplies suicide bombers


Profiles of Terrorist Networks

Reasonably high Infrastructure - legitimate businessesOperational - infiltrated into police, etc.

Moderate to lowHidden

Integration with community

Functional and Regional LeadersCell LeadersExecutives

By function and region, also hierarchical

Similarity (historical)Connection among cell leaders

Planned by function; executed by local cells; funded regionally

Cell-orientedMultiple cells cooperate for large missions

Mission Structure

Function-OrientedSame skills in cells, need external support

Mission-orientedDistributed skills in cell, somewhat self-sufficient

Cells

Matrix – by region and functionTop-level structure is a hierarchyUnderlying cellular structureAbsorbs structures of subsidiary groups

Organizational Structure

HamasAl-QaedaFeature


Al Qaeda 2001


Al Qaeda 2004


al Qaeda


Membership

Members that Joined

32

62

1825 25

21

40

19

8

21

36

1723

15

1 3 00

10

20

30

40

50

60

70

pre19

8919

8919

9019

9119

9219

9319

9419

9519

9619

9719

9819

9920

0020

0120

0220

0320

04

Year

Num

ber

Members that Left

212

2314

2

21 1711

71

52

79

30

102030405060708090

1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004

Year

Num

ber

Live Members

0

50

100

150

200

250

300

pre19

8919

9019

9219

9419

9619

9820

0020

0220

04

Live MembersLive Married MembersLive Members w/Children


Internal Structure

Avg Live Member Total Degree Centrality

-0.03

-0.02-0.01

00.01

0.02

0.030.04

0.050.06

0.07

pre19

89

1990

1992

1994

1996

1998

2000

2002

2004

Year

Avg

Tot

Deg

ree

Cen

tralit

y

Avg-StdAvgAvg+Std

Avg Live Member Cognitive Demand

0

0.02

0.04

0.06

0.08

0.1

0.12

0.14

pre19

89

1990

1992

1994

1996

1998

2000

2002

2004

Year

Avg

Cog

Dem

and

Avg-StdAvgAvg+Std

0

0.005

0.01

0.015

0.02

0.025

0.03

Time

Density

Average Live Member Betweenness Centrality

-0.02

-0.01

0

0.01

0.02

0.03

0.04

pre19

89

1990

1992

1994

1996

1998

2000

2002

2004

Year

Avg

Bet

w C

entra

lity

Avg-StdAvgAvg+Std


al-QaedaBin Ladin

Religiousrecruitment finance media

consultative council

Militarytraining

operational cell

supportcell

support operation

support

support

operation

operation

operation

operation

support


Hamas under Yassin

MeshaalDamscus

Infrastructure

Egypt

Gaza (HQ)

h

West Bank

Otherregions

OtherRegions

}Damascus

regional organization

functional cells

Lebanon

Judea Samaria

YassinGazaHead

RantissiGaza

Operations


Hamas with Yassin


Characteristics of Key Actors

Rantissi.087

Bin Ladin.015

Individual most likely to be an emergent leader, isolation of this person will be moderately crippling for a medium time

Highest in cognitive demand

Yassin.011

Bin Ladin.028

Individual most likely to diffuse new information, isolation of this person will be slightly crippling for a short time.

Highest in degree centrality

slightly less complex .053

Overall –very low density

slightly more complex .096

Overall –very low density

Very low then probably major amounts of missing data, possibly cells are self directed. Very high then system is tightly coupled and possibly prone to group think.

ComplexityHamasal-Qa’idaMeaningCharacteristics


Expected Performance

Performance Over Time

64

65

66

67

68

69

70

71

1 14 27 40 53 66 79 92 105 118 131 144 157 170 183 196

Time

Per

form

ance

al-Qa'idaHamas


Hamas Before and After Yassin

Before After


Expected Performance After Removal of Top Leader

Performance impact of removing top leader

64.5

65

65.5

66

66.5

67

67.5

68

68.5

69

1 18 35 52 69 86 103 120 137 154 171 188

Time

Perf

orm

ance

al-Qa'ida without leaderHamas without leader


Range in Estimates

Hamas Density

.03/.05 CD Yassin - .05/.04Degree - 2

Al-QaedaDensity

. 02/.096 (.01 to .03)CD bin Ladin - .05/.028Degree 2

Typical social networkDensity

.3Degree 7

But – since the structure is apx consistent –the results hold


Key Ideas of Dynamic Network Analysis

Meta-Matrix

Combine

Emergent leaders – cognitive demand

People Knowledge Tasks

People Relation

Social Network Who knows who

Knowledge Network Who knows what

Assignment Network Who does what

KnowledgeRelation

Information Network What informs what

Needs Network What knowledge is needed to do that task

Tasks Relation

Precedence Network Which tasks must be done before which

Networks + multi-agentSocial science + computer science

Conceptual + network data


Where Next

Dynamic measures Visualizing dynamicsSocial “zooming” on the visualsSimulations – linking actions (beyond communication) and networksExplore personality additionsExplore power added by using graph based pattern detection – like proximity


Related Work

AutoMap – semi-auto extraction of network data from textsORA –DyNet – evaluation of network dynamics and destabilization policiesNetWatch – impact of data integration, sharing and control on ability to detect evolving networkBioWar – city scale multi-agent network model of weaponized biological attacksOrgAhead – multi-agent network model of evolving organizational formsConstruct – co-evolution of agent mental models and social networksThreatFinder – social/knowledge management system for locating IP security risksVista – estimating the evolving likelihood and impact of unanticipated events in urban settings

Estimating Vulnerabilities in Large Covert NetworksOrgAhead – multi-agent network model of...

Documents

Transcript of Estimating Vulnerabilities in Large Covert NetworksOrgAhead – multi-agent network model of...