A novel approach for terrorist sub-communities detection based on constrained evidential clustering

The emergence of web 2.0 virtual spaces, namely social networks and social media, enables terrorist organizations to flourish and advance their cyber malicious activities by posting criminal contents, exchanging information and polarizing new members. Thus, there is an immense need for the development of effective approaches to understand cyber terrorist organizations structures, working strategies, and operation tactics. A terrorist community is a set of subgroups, which share many properties but differ on others, such as degree of activity and roles. The identification of these sub-communities is a key task not only to understand the topology of these organizations but also to discover their operation methods. In this paper, we propose a cyber community detection approach based on Constrained Evidential C-Means (CECM) algorithm which is an adequate evidential clustering method that can be applied to detect cyber terrorist subgroups. Based on Must-link and Cannot-link constraints, objects (network members) can be classified into various sub-classes Cn, such as military, finance and local leaders committees. The membership of nodes to clusters (sub-communities) is described by Belief functions. Clustering results show the efficiency of our evidential constrained approach not only in classifying cyber terrorist actors into the aforementioned communities, but also in allocating a degree of membership for each member to each class.