Understanding Terrorist Network Topologies and Their Resilience Against Disruption

This article investigates the structural position of covert (terrorist or criminal) networks. Using the secrecy versus information tradeoff characterization of covert networks it is shown that their network structures are generally not small-worlds, in contradistinction to many overt social networks. This finding is backed by empirical evidence concerning Jemaah Islamiyah's Bali bombing and a heroin distribution network in New York. The importance of this finding lies in the strength such a topology provides. Disruption and attack by counterterrorist agencies often focuses on the isolation and capture of highly connected individuals. The remarkable result is that these covert networks are well suited against such targeted attacks as shown by the resilience properties of secrecy versus information balanced networks. This provides an explanation of the survival of global terrorist networks and food for thought on counterterrorism strategy policy.

Outsmarting Network Security with SDN Teleportation

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call \emph{teleportation}. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.Comment: Accepted in EuroSP'1

A Dynamic Game on Network Topology for Counterinsurgency Applications

Successful military operations are increasingly reliant upon an advanced understanding of relevant networks and their topologies. The methodologies of network science are uniquely suited to inform senior military commanders; however, there is a lack of research in the application of these methods in a realistic military scenario. This study creates a dynamic game on network topology to provide insight into the effectiveness of offensive targeting strategies determined by various centrality measures given limited states of information and varying network topologies. Improved modeling of complex social behaviors is accomplished through incorporation of a distance-based utility function. Moreover, insights into effective defensive strategies are gained through incorporation of a hybrid model of network regeneration. Model functions and parameters are thoroughly presented, followed by a detailed sensitivity analysis of factors. Two designed experiments fully investigate the significance of factor main effects and two-factor interactions. Results show select targeting criteria utilizing uncorrelated network measures are found to outperform others given varying network topologies and defensive regeneration methods. Furthermore, the attacker state of information is only significant given certain defending network topologies. The costs of direct relationships significantly impact optimal methods of regeneration, whereas restructuring methods are insignificant. Model applications are presented and discussed

Social Media Exploitation by Covert Networks: A Case Study of ISIS

Social media has quickly become a dominant mode of professional and personal communication. Unfortunately, groups who intend to perform illegal and/or harmful activities (such as gangs, criminal groups, and terrorist groups) also use it. These covert networks use social media to foster membership, communicate among followers and non-followers, and obtain ideological and financial support. This exploitation of social media has serious political, cultural, and societal repercussions that go beyond stolen identities, hacked systems, or loss of productivity. There are literal life-and-death consequences of the actions of the groups behind these covert networks. However, through tracking and analyzing social media content, government agencies (in particular those in the intelligence community) can mitigate this threat by uncovering these covert networks, their communication, and their plans. This paper introduces common social media analysis techniques and the current approaches of analyzing covert networks. A case study of the Syrian conflict, with particular attention on ISIS, highlights this exploitation and the process of using social media analysis for intelligence gathering. The results of the case study show that covert networks are resilient and continually adapt their social media use and presence to stay ahead of the intelligence community

Distinctiveness Centrality in Social Networks

The determination of node centrality is a fundamental topic in social network studies. As an addition to established metrics, which identify central nodes based on their brokerage power, the number and weight of their connections, and the ability to quickly reach all other nodes, we introduce five new measures of Distinctiveness Centrality. These new metrics attribute a higher score to nodes keeping a connection with the network periphery. They penalize links to highly-connected nodes and serve the identification of social actors with more distinctive network ties. We discuss some possible applications and properties of these newly introduced metrics, such as their upper and lower bounds. Distinctiveness centrality provides a viewpoint of centrality alternative to that of established metrics

Survey of Network Protocols

IPv4 is the network protocols of the present Internet, which is characterized by the Internet  Engineering Task Force (IETF). Network protocols characterize guidelines, polices and traditions for communication between system devices. Every advanced protocol for computer organization utilizer a packet switching system to send and get the message. The protocols are intended to conquer the activities of any enemy that can lose the sent message, discretionarily change the fields of the sent message, and replay old messages. In the web, the colossal measure of information and the immense number of various protocols makes it perfect as a high-bandwidth speed vehicle for undercover communication. This article is an overview of the current methods for making the covert channels. Weadditionally gave a diagram of wide kinds of network protocol

Network disruption and recovery: Co-evolution of defender and attacker in a dynamic game

The evolution of interactions between individuals or organizations are a central theme of complexity research. We aim at modeling a dynamic game on a network where an attacker and a defender compete in disrupting and reconnecting a network. The choices of how to attack and defend the network are governed by a Genetic Algorithm (GA) which is used to dynamically choose among a set of available strategies. Our analysis shows that the choice of strategy is particularly important if the resources available to the defender are slightly higher than the attackers'. The best strategies found through GAs by the attackers and defenders are based on betweenness centrality. Our results agree with previous literature assessing strategies for network attack and defense in a static context. However, our paper is one of the first ones to show how a GA approach can be applied in a dynamic game on a network. This research provides a starting-point to further explore strategies as we currently apply a limited set of strategies only

Violent extremist group ecologies under stress

Violent extremist groups are currently making intensive use of Internet fora for recruitment to terrorism. These fora are under constant scrutiny by security agencies, private vigilante groups, and hackers, who sometimes shut them down with cybernetic attacks. However, there is a lack of experimental and formal understanding of the recruitment dynamics of online extremist fora and the effect of strategies to control them.Here, the authors utilise data on ten extremist fora that we collected for four years to develop a data-driven mathematical model that is the first attempt to measure whether (and how) these external attacks induce extremist fora to self-regulate. The results suggest that an increase in the number of groups targeted for attack causes an exponential increase in the cost of enforcement and an exponential decrease in its effectiveness. Thus, a policy to occasionally attack large groups can be very efficient for limiting violent output from these fora.Authored by Manuel Cebrian, Manuel R. Torres, Ramon Huerta and James H. Fowler