node as a measure of interconnectedness [13]. If we use the adjacency matrix A = (a_ij), DC can be formulated as follows.

$$DC(k) = \sum_{i=1}^{n} a_{ik} \qquad (1)$$

Here k is the node for which we are calculating the degree centrality. Closeness centrality (CC) describes how central an actor is, in terms of having the shortest distance to other connected nodes for communication. It measures the closeness of a node to the other important nodes. Nodes at a short distance from the main actors are useful for spreading important information to other nodes in the network.

$$CC(k) = 1 \Big/ \sum_{i=1}^{N} d(k, i) \qquad (2)$$

Here d is the distance between the nodes. Betweenness centrality (BC) is the interaction of an actor between pairs of nonadjacent nodes [14]. It identifies the node that falls on the shortest path between many important nodes. The importance of node k between two important nodes i and j is its part in the interaction between these two nodes, which are not directly connected.

$$BC(k) = \sum_{i=0,\, i \neq k}^{n} \; \sum_{j \neq i,\, j \neq k}^{n} \frac{g_{ij}(k)}{g_{ij}} \qquad (3)$$

Eigenvector centrality (EC) identifies the most influential node that is also connected to other well-connected nodes in a network.

$$EC(k) = x_k = \frac{1}{\lambda_{\max}(A)} \sum_{j=1}^{n} a_{jk} x_j \qquad (4)$$

networking site Twitter. The author used a peak detection method based on the deviation of a time series of events to detect abnormal behavior. Outlier detection is also important for detecting abnormal activity when combined with identification of the main actor [13]. Irregular behavior on social networking sites and their mobility in different geographical areas is the most distinguishing factor for determining an event [20]. In multiplex networks, authors generated k-cores through self-consistency equations [16]. In another paper [21], important communities were identified using the same k-core algorithm. In this paper we use the dataset of the multilayer Noordin Top terrorist network [22] to analyze different patterns using the Gephi 0.902 tool, and extract different features from the dataset using data mining and a machine learning algorithm for social network analysis and main actor identification.

3. CK-SDK MODEL
Our proposed methodology is divided into two parts. In the first part we will use terrorist social network data to identify the main actors involved in the network on the basis of centrality measures. In the second step we will apply data mining techniques for feature extraction.

3.1. Data Pre-processing Stage
In the pre-processing stage we remove noisy data and either discard or impute missing values. We will use the KNN (K nearest neighbor) approach for computing missing values, as KNN uses neighbor values to calculate missing information. For noise removal we use the Euclidean distance between pairs of nodes in n-space having distance d between them [23].

$$d(p, q) = \sqrt{\sum_{i=1}^{n} (p_i - q_i)^2} \qquad (5)$$
3.2. Identification of Main Actor
We will use centrality measures to find the main actors involved in the terrorist network. We will use a hybrid centrality measure (HCM) that combines DC, BC, CC and EC to enhance the effect of finding main actors. The multilayer social network extracts features from every network and ensembles them into a global feature to support better decisions. We will further use the k-core algorithm for maximum accuracy of our results. A k-core in a network is the sub-network formed by repeatedly deleting vertices having degree less than some threshold k.

δ(G) ≥ k. The maximal value in the graph represents the maximum set of nodes in the graph having the least number of neighbors within that group [25]. Here δ(G) is the degree of the graph vertices. The vertices of sub graph H are adjacent to k other vertices of the sub graph. The example below shows that the 1-core, where parameter k=1, deletes all isolated vertices from the graph. Similarly 2-core deletes all nodes with two vertices and so on. The algorithm deletes all the vertices with degree less than k. The graph having the maximum value for core is the main core.

[Figure: (a) Graph with 0-core; (b) Graph with 1-core]

4. RESULTS AND ANALYSIS
When we analyzed the data of the Noordin Top terrorist network we identified ten layers of the network, with a total network length of 79. Table 1 shows the different layers and the number of nodes involved in each layer of the network. Figure 4 shows only the Business and Finance network, with labels representing the actors involved in the Business and Finance layer and their connections within the network.

4.1. Network Centrality Measure
We applied social network analysis techniques to the dataset. First we applied centrality measures to the first layer and found the important nodes of the network layers on the basis of centrality measures, as shown in Table 2. To further understand the structure of the network we applied modularity and identified the node partitioning with respect to degree, as shown in Figure 5.
Figure 6. Business and finance layer after k-core, K=3
nodes=8.
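The two-stage idea described above (score nodes by centrality, then prune with k-core) can be run on a small graph as follows. This is an added example, not the authors' code: the toy edge list is constructed, and ranking core members by DC with CC as tie-breaker is an assumed stand-in for the paper's hybrid measure, whose exact combination the page does not give.

```python
from collections import deque

# Constructed undirected toy graph (not the Noordin Top data): "ab" is edge a-b.
EDGES = [tuple(e) for e in "ab ac ad bc bd cd de ef eg fg gh".split()]

def build(edges):
    g = {}
    for u, v in edges:
        g.setdefault(u, set()).add(v)
        g.setdefault(v, set()).add(u)
    return g

def degree_centrality(g):
    # Eq. (1): DC(k) = sum_i a_ik, i.e. the number of neighbours of k.
    return {k: len(nbrs) for k, nbrs in g.items()}

def closeness_centrality(g):
    # Eq. (2): CC(k) = 1 / sum_i d(k, i); d is the BFS hop count to reachable nodes.
    cc = {}
    for k in g:
        dist, queue = {k: 0}, deque([k])
        while queue:
            u = queue.popleft()
            for v in g[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    queue.append(v)
        cc[k] = 1 / sum(dist.values()) if len(dist) > 1 else 0.0
    return cc

def k_core(g, k):
    # Repeatedly delete vertices whose degree is below k until none remain.
    g = {u: set(vs) for u, vs in g.items()}
    low = [u for u in g if len(g[u]) < k]
    while low:
        u = low.pop()
        if u not in g:
            continue
        for v in g.pop(u):
            g[v].discard(u)
            if len(g[v]) < k:
                low.append(v)
    return g

def rank_core(edges, k):
    # Assumed combination: keep k-core members, rank by DC, break ties by CC.
    g = build(edges)
    dc, cc = degree_centrality(g), closeness_centrality(g)
    return sorted(k_core(g, k), key=lambda u: (-dc[u], -cc[u], u))
```

On this graph the 3-core is the main core: raising k to 4 empties the graph, which is the stopping condition for finding the maximum core value.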
$$ACC = \frac{TP + TN}{TP + TN + FP + FN}$$

Ensemble 100 74 100

Figure 7. Comparison of CK-SDK with other classifiers.

Table 4. Comparison of results of hybrid learning algorithm CK-SDK

Classifier      Accuracy   Sensitivity   Specificity
Decision Tree   95         77            100
SVM             100        100           0.58
KNN             97         100           96
Ensemble        100        100           100

Figure 8. Comparison of HCM model with other classifiers.

Table 5. Comparison of HCM learning algorithm.

Classifier      Accuracy   Sensitivity   Specificity
Decision Tree   98         100           100
SVM             100        100           0.58
KNN             100        100           96

5. CONCLUSION
In this paper we extracted features of the network that are maximally connected to core members inside particular layers as well as other layers, through a combination of hybrid centrality measures and k-core, for identification of core members of terrorist networks. There are many techniques for identifying key players in social networks, and each of these techniques focuses on its objective according to its own perspective. The important nodes are extracted through centrality measures, which we further pruned to identify only important nodes. Therefore only important nodes remain after application of the algorithm. Some applications of anti-terrorist networks require a set of prominent actors that can accomplish goals well by interacting with special key players who belong to some particular group for information retrieval. The CK-SDK framework identifies main actors with more accuracy than identification through the hybrid centrality measure.

6. REFERENCES
[1] S. Wasserman and K. Faust, Social network analysis: Methods and applications, vol. 8: Cambridge University Press, 1994.
[2] A. Gutfraind and M. Genkin, "A graph database framework for covert network analysis: An application to the Islamic State network in Europe," Social Networks, vol. 51, pp. 178-188, 2017.
[3] C. Comito, D. Falcone, and D. Talia, "A peak detection method to uncover events from social media."
[4] C. Chiu, Y. Ku, T. Lie, and Y. Chen, "Internet auction fraud detection using social network analysis and classification tree approaches," International Journal of Electronic Commerce, vol. 15, pp. 123-147, 2011.
[5] I. McCulloh and K. M. Carley, "Detecting change in longitudinal social networks," Military Academy West Point NY Network Science Center (NSC), 2011.
[6] H. Eiselt, "Destabilization of terrorist networks," Chaos, Solitons & Fractals, vol. 108, pp. 111-118, 2018.
[7] D. K. Gupta, Understanding terrorism and political violence: The life cycle of birth, growth, transformation, and demise: Routledge, 2008.
[8] V. Krebs, "Connecting the dots: tracking two identified terrorists," 2001a) http://www.orgnet.com/tnet.html, 2015.
[9] R. H. Davis, "Social network analysis: An aid in conspiracy investigations," FBI L. Enforcement Bull., vol. 50, p. 11, 1981.
[10] G. A. Pavlopoulos, A.-L. Wegener, and R. Schneider, "A survey of visualization tools for biological network analysis," Biodata mining, vol. 1, p. 12, 2008.
[11] K. Matia, Y. Ashkenazy, and H. E. Stanley, "Multifractal properties of price fluctuations of stocks and commodities," EPL (Europhysics Letters), vol. 61, p. 422, 2003.
[12] A.-L. Barabási and R. Albert, "Emergence of scaling in random networks," Science, vol. 286, pp. 509-512, 1999.
[13] W. H. Butt, M. U. Akram, S. A. Khan, and M. Y. Javed, "Covert network analysis for key player detection and event prediction using a hybrid classifier," The Scientific World Journal, vol. 2014, 2014.
[14] N. E. Friedkin and E. C. Johnsen, "Social positions in influence networks," Social Networks, vol. 19, pp. 209-222, 1997.
[15] V. Batagelj and M. Zaveršnik, "Fast algorithms for determining (generalized) core groups in social networks," Advances in Data Analysis and Classification, vol. 5, pp. 129-145, 2011.
[16] N. Azimi-Tafreshi, J. Gómez-Gardenes, and S. Dorogovtsev, "k-core percolation on multiplex networks," Physical Review E, vol. 90, p. 032816, 2014.
[17] C. Weinstein, W. Campbell, B. Delaney, and G. O'Leary, "Modeling and detection techniques for counter-terror social network analysis and intent recognition," in Aerospace conference, 2009 IEEE, 2009, pp. 1-16.
[18] S. Pal, Y. Dong, B. Thapa, N. V. Chawla, A. Swami, and R. Ramanathan, "Deep learning for network analysis: Problems, approaches and challenges," in Military Communications Conference, MILCOM 2016-2016 IEEE, 2016, pp. 588-593.
[19] Y. Asim, A. R. Shahid, A. K. Malik, and B. Raza, "Significance of machine learning algorithms in professional blogger's classification," Computers & Electrical Engineering, 2017.
[20] C. Comito, D. Falcone, and D. Talia, "A peak detection method to uncover events from social media," in Data Science and Advanced Analytics (DSAA), 2017 IEEE International Conference on, 2017, pp. 459-467.
[21] R.-H. Li, L. Qin, J. X. Yu, and R. Mao, "Finding influential communities in massive networks," The VLDB Journal—The International Journal on Very Large Data Bases, vol. 26, pp. 751-776, 2017.
[22] N. a. S. F. E. Roberts. (2011, 15/3/2018). Roberts and Everton Terrorist Data: Noordin Top Terrorist Network (Subset). Available: https://sites.google.com/site/sfeverton18/research/appendix-1
[23] M. A. Malik and M. Kang, "Euclidean distance based label noise cleaning," in Ubiquitous and Future Networks (ICUFN), 2017 Ninth International Conference on, 2017, pp. 237-239.
[24] N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, "SMOTE: synthetic minority over-sampling technique," Journal of artificial intelligence research, vol. 16, pp. 321-357, 2002.
[25] A. Bickle, The k-cores of a graph: Western Michigan University, 2010.