acquiring & exploiting knowledge for predicting acts of terrorism

Copyright 2010, Rocky M. Termanini 1

Acquiring & Exploiting Knowledge for Predicting Acts of Terrorism

Rocky Termanini. PhD, CISSP Software Process Improvement Network (SPIN)

Northrop Grumman, E2 Conference, Redondo Beach, CAApril 6; 9:00 – 12:00 AM


The US Government is learning it the hard way:

Predictive Models do not work unless you have been deeply involved in the fabric of the culture and religion of the country…


The US Government Did not pay much attention to the History of Egypt


Step two: in the CEWPS plan: to realistically represent the social, cultural, and behavioral theories” about why people act the way they do”.

Step three: let commanders run mock battle plans against these modeled Iraqis, to see how they might react.

Step one: dump everything we know about a country like Iraq, and “create systems that mirror the actual communities.”


A noble mission to explain the anatomy of Al Quada

Copyright 2010, Rocky M. Termanini

Prior Attack Attack Post Attack

Event E(t)


We’re building an is artificially intelligent reasoning machine that extract knowledge from historical bombing episodes and offer solid prediction and combat upcoming attacks...

Prior Attack Attack Post Attack

Event E(t)

Objective


Specifically speaking,

1. creating a Knowledge database of past attacks;

2. identifying trends in the attacks; 3. determining the correlation between

attacks 4. using analysis to calculate the

probabilities of future attacks and their location.

Objective


CEWPS™ offers four robust advantages:

• Early Warning Prediction of incoming attack.

• Early Warning Detection • Evidential Reasoning to improve degree of certainty

• Memorizing attacks for future similar attacks

9

CEWPS Holistic vision


Early-warning is not about predicting the future …It is about preventing specific events (terror attacks) from happening at the right time

Early Warning Rationale


TerrorismWhat is It?

Why do we worry about it

What can we do to circumvent it


Jihadism: Originally had a significantالجهاد meaning to represent Islam expansion…Now, it has a twisted meaning to represent Islamic terrorism

Mujahedeen: Radical warriors who practice Islamic terrorism under the name of Jihad. They are dedicated to destroying anything that is not Islamic. They believe their action will win them the Paradise.

المجاهدين

Let’s define some term


Dedication to a cause


Even a Camel is part of Jihad


Suicide Bombing can take any form


Another Kind of Mujahedeen:


Another mission to to call for Holy War


Abu Nidal organization (ANO) Abu Sayyaf Group (ASG) Al-Aqsa Martyrs Brigade Ansar al-Islam (AI) Armed Islamic Group (GIA) ‘Asbat al-Ansar

Aum Supreme Truth (Aum) Aum Shinrikyo Basque Fatherland and Liberty (ETA) Communist Party of Philippines/New People’s Army (CPP/NPA) Al-Gama’a al-Islamiyya (Islamic Group, IG) HAMAS (Islamic Resistance Movement) Harakat ul Mujahidin (HUM) Hizballah (Party of God) Islamic Movement of Uzbekistan (IMU) Jaish-e-Mohammed (JEM) Jemaah Islamiya (JI) Al-Jihad (Egyptian Islamic Jihad, EIJ) Kahane Chai (Kach) Kongra-Gel (KGK, formerly Kurdistan Workers’ Party, PKK, KADEK) Lashkar-e-Tayyiba (LT)

Lashkar I Jhangvi (LJ) Liberation Tigers of Tamil Eelam (LTTE) Mujahedin-e Khalq Organization (MEK) National Liberation Army (ELN)—Colombia Palestine Islamic Jihad (PIJ) Palestine Liberation Front (PLF) Popular Front for the Liberation of Palestine (PFLP) Popular Front for the Liberation of Palestine–General Command (PFLP-GC) Al-Qaida Real IRA (RIRA) Revolutionary Armed Forces of Colombia (FARC) Revolutionary Nuclei (RN) Revolutionary Organization 17 November (17 November) Revolutionary People’s Liberation Party/Front (DHKP/C) 135Salafi st Group for Call and Combat-GSPC Sendero Luminoso (Shining Path or SL) United Self-Defense Forces/Group of Colombia (AUC)

U.S. RECOGNIZED TERRORIST ORGANIZATIONS WORLDWIDE


60% Shi’a30% Sunni10% Misc.


890 /year

3200/year

1200 /year


http://www.youtube.com/watch?v=bel7Trt49hE

http://www.youtube.com/watch?v=KOTH_xv6O4o&feature=related







The History of Islam and its relation to Jihad


Let’s go back and review the chemistry of the four Terrorists


Abdul Rahman Ghazi

Nationality: Iraqi, KurdSect: Sunni, Married two kids; engineer; Joined Al-Quada 2005; explosive knowledge- HighTraining in Pakistan.JihadistFrequent visitor to UAE…brother works accountantPlan: Killing Shi’a PolicemenSuicide in 2009 Baghdad…


Mustapha Hamwai Jalali

Nationality: Yemeni, Sect: Sunni, Single; Accountant; Joined Al-Quada 2006; explosive knowledge- HighTraining in Yemen, Accountant in IraqJihadistBrother works in Dubai…HSBC bankPlan: Killing US troopsSuicide in 2009 Basra, Iraq


Faysal Hasan

Nationality: Iraqi, from Baghdad Sect: Shi’a, Single; Architect; Joined Muqtada al-Sadr 2006; explosive knowledge- HighTraining in Lebanon’s Hezbollah.JihadistPlan: Killing US touristsSuicide in 2009 Mosel, Iraq


Mohammed Abdul Salam

Nationality: Egyptian, CairoSect: Sunni, Single; Journalist; Married to a Palestinian girl Najwa, Joined Muslim Brotherhood 2004; Army officer, explosive knowledge- HighTraining in Mauritania.Jihadist, RadicalPlan: Killing US troops in an Humvee


The Jihad War

• Believe 9/11 is an inside job• Very savvy politically• Highly educated• Islamic war against enemies of God• Not afraid to die• Driven by radical Islamism• Residual anger and vengeance• Desire to go to Heaven• They only can do it “once” • They prefer to attack Americans outside the US


We can improve our Homeland security against suicide bombing, by learning from previous attacks, in the world...


So, What can we learn from previous Suicide Bombing Episodes?


Outcome

Store &

Predict

Created by external sensation or internal reflection

Experience & knowledge Relationship

Experience

Neurological image of the experience in the brain

Knowledge

Event


If we inject the human knowledge and experience into the machine, we will be able to build an intelligent system that employs expert judgment and extensible reasoning capability


There are many registries and data repositories on terrorism....but, they are disparate , non-normalized, non-correlative


GTD from the University of Maryland


Rand DB on Terrorism Incidents


FBI Terrorist Screening Center


Institute of Terrorism Research and Response


Most Episodes partially documented, incomplete and follow no standards


Analyzing a suicide Bombing Episode


Episode

Episode

Episode

Episode

Episode

Episode

Episode

Episode

Attack Episodes have lots in common

attack

attack

attack

attack attack

attack

attack

attack


They all have common features

Episode

Tstart Tend

Each episode is a stochastic Process


Episode

A suicide Episode has 6 basic attributes

•A Plan

•Actors

•Target

•Time

•Locatio

n

•Damag

e


Each episode has three Phases

PlanningPlanning Recovery

Φ1 Φ3 Φ2

Forecast Zone

Tstart Tend

• Casualties• Destruction• Disruption• Social Trauma

Emergency Response

attack

Copyright 2010, Rocky M. Termanini The Process of Credible Prediction

SB-1 SB-2 SB-3

P(t)3P(t)2P(t)1

P(t)0

SB-T

A(t)0M(t)1 M(t)2 M(t)3M(t)0

Prediction Period

Bombing where Prediction Failed

Predic

tor h

ad re

liable

data

to pr

edict

posit

ive

Predic

tor i

ssue

d an

alert

Attack

caug

ht

befo

re de

tona

tion

Copyright 2010, Rocky M. Termanini The Process of Credible Prediction

SB-1 SB-2 SB-3

P(t)3P(t)2P(t)1

P(t)0

SB-T

A(t)0M(t)1 M(t)2 M(t)3M(t)0

Pred

ictio

n Pe

riod

Bombing where Prediction Failed

Predic

tor h

ad re

liable

data

to pr

edict

posit

ive

Predic

tor i

ssue

d an

alert

Attack

caug

ht

befo

re de

tona

tion

When prediction shorter, prevention gets better


The Major Building Blocks

Outcome Reasoner

Early Warning Broadcaster

Attack Analyzer

Attack Collector (KM)

48

Build Collecting grids

Collect Bombing Episodes

Dispatch &Alert

Normalize &Characterize

CreateSemantic

Knowledge

By indicators

Analyze & Validate

BuildBombingPatterns

Match Rules

Build Reasoning

Model

Ontology Components&Semantic Rules

Bayesian Refinement Recursion

Save Episode Analysis


Graph-G The Global Cyber Malware Data Collection Grid Global Terror Episode Collection Grid


The Intelligence Data Grid

The Activity Monitoring

Grid

The Demographic Grid

Global TerrorSteady Updates

Steady Updates

Steady Updates

The Cognitive Early Warning Prediction System (CEWPS™)

Steady Updates


Collected Raw attributes on the attacker


MonitoringSources

Unstructured Attack Episodes Are Collected, Filtered And Transformed Into A Patterns

Local Law Enforcement

US/Global Intelligence

Grids

Disparate Unstructured

AttacksAttack Collectors

Ont

olog

ical

and

Sem

antic

T

rans

form

atio

n

Knowledge Base

Semantic attack Patterns


Terrorism is the domain

Ontology is used to represent a suicide attack as a knowledge model

Jihad

Faith

HeavenSacrifice

Suicide


Semantic is to derive significant knowledge from words

Jihad

Sacrifice

Suicide

• Fighting for Islam• Dedication to Islam• Showing Courage• Heaven is the award

• Go to Heaven• Destroy Enemy of God• Be an example to others• Koran teaches us to kill enemies of Allah

• I am not afraid of dying• I am enlisted in Mohammed’s Army• Sacrifice is the best way to die for Islam• Paradise is the desired place


Bombing Predictor

Scenario Builder

BomberProfile

BombingHistory

ExplosivesKnowledge

Potential Locations

Potential Occasions

SuspectVehicles

Knowledge Collector Match

Alerts

Pre-emptive Alerts

DispatchPredicted Scenario

Attack Clues incoming

The Architecture of The Cognitive Early Warning Predictor System (CEWPS)

Human Experience

Semantic Bombing Episodes Knowledge Base

Improvements

Dispatch Early Warning

Bayesian and HeuristicProcessing


Attack Knowledge Database

The Reasoner

Data include Semantic Rules

CEWPS™ extracts credible forecasts and prediction about Bombing Attack

Attack Models with Higher Degree of

CertaintyIncoming Attack Clues

Broadcast Alert to Agencies

Select Optimal Predictive Attack

Apprehend Terrorists

56

Urgent Response ModeOntological and

Semantic Transformation

Attack knowledge

Models


US/Global Intelligence

Sources

MonitoringSources

Each Attack Episode is Transformed into a Distinct Pattern

DemographicSources

All the attributes are semantically connected


Rea

soni

ng E

ngin

e

CEWPS Semantic Knowledge Base

Attack Pattern

Dynamic Prediction Queries

Selected Pattern

Library of Attack Patterns

As a finding is entered, the propagation algorithm updates the beliefs attached to each relevant node in the network

A query produces the information to propagate through the network and the belief functions of several nodes are updated


Small Illustration of Bayes Modeling


What Is it?It is a network-based model involving uncertainty

What is it used for?Intelligent decision aids, data fusion, feature recognition, intelligent diagnostic aids, automated free text understanding, data mining

Where did it come from?Cross fertilization between the artificial intelligence, Operations Research,, and statistic…


Example from Medical Diagnostics

Network represents a knowledge structure that models the relationship between medical difficulties, their causes and effects, patient information and diagnostic tests

Visit to Asia

Tuberculosis

XRay Result Dyspnea

BronchitisLung Cancer

Smoking

Patient Information

Diagnostic Tests

Tuberculosisor Cancer

Medical Difficulties



Relationship knowledge is modeled by deterministic functions, logic and conditional probability distributions

Patient Information

Diagnostic Tests

Visit to Asia

Tuberculosis

Tuberculosisor Cancer

XRay Result Dyspnea

BronchitisLung Cancer

SmokingTuber

Present

Present

Absent

Absent

Lung Can

Present

Absent

Present

Absent

Tub or Can

True

True

True

False

Medical DifficultiesTub or Can

True

True

False

False

Bronchitis

Present

Absent

Present

Absent

Present

0.90

0.70

0.80

0.10

Absent

0.l0

0.30

0.20

0.90

Dyspnea



Propagation algorithm processes relationship information to provide an unconditional or marginal probability distribution for each nodeWhich is called the belief function of that node

TuberculosisPresentAbsent

1.0499.0

XRay ResultAbnormalNormal

11.089.0

Tuberculosis or CancerTrueFalse

6.4893.5

Lung CancerPresentAbsent

5.5094.5

DyspneaPresentAbsent

43.656.4

BronchitisPresentAbsent

45.055.0

Visit To AsiaVisitNo Visit

1.0099.0

SmokingSmokerNonSmoker

50.050.0 Patient Information



Interviewing the patient produces more information the “Visit”As this data is entered, the propagation algorithm updates the beliefs attached to each relevant node in the network


5.0095.0


14.585.5


10.289.8


5.5094.5


45.055.0


45.055.0


100 0


50.050.0



5.0095.0


18.581.5


14.585.5


10.090.0


56.443.6


60.040.0


100 0


100 0


Further interviewing of the patient produces the finding “Smoking” is “Smoker”…This information propagates through the network



0.1299.9


0 100


0.3699.6


0.2599.8


52.147.9


60.040.0


100 0


100 0


Finished with interviewing the patient, the physician begins the examination, and he now moves to specific diagnostic tests such as an X-Ray, which results in a “Normal” finding which propagates through the network…information from this finding propagates backward and forward



The physician also determines that the patient is having difficulty breathing, so “Present” is entered for “Dyspnea” which propagated through the network.The doctor might now conclude that the patient has bronchitis and does not have tuberculosis or lung cancer


0.1999.8


0 100


0.5699.4


0.3999.6


100 0


92.27.84


100 0


100 0


Bayesian Nets Modeling

•Behavior prediction of serial killers patient •Prediction of Plagiarism in Academia•speech and speaker recognition....•Military Surprise Attacks•Cancer diagnosis•Google search•SPAM Filtering•FBI Face recognition (Biometrics)•Site profiler for Military against terrorism•Modeling Oil drilling


Arrive to airport

Meeting-1Restaurant

Phone Call-1

Arrive to Friend’s Home

Track Itinerary

FBI Check

Check INS

Records

AirportBiometric Picture

Rented car from HERTZ Overseas

Call-2

Call Main Cell Overseas

Check e-mail

Given Instructions

Picked up by friend

Phone Company

State Department

Pattern Check-1

Meeting-2Restaurant

Check Local Universities

Restaurant Under

Surveillance

Target not

identified

Track ISP

3 visas from 3 countries

Check owner

records

E-mailForensics

Two locations identified

Plan to visit location-1

Registered But did not

attend

Plan to visit location-2

Rendez-vous time set

Target Somewhatidentified

Diagram – E Unstructured Sequence Diagram Of The Attack Before Becoming A Pattern (Part-1)

RaiseFlag-1

RaiseFlag-2 Query

Knowledge Base

RaiseFlag-3

Bayes Acyclic Attack Network (Part-1)Bayes is a scientific approach to quantify our degree of certainty on the basis of incomplete information


Terroristrehearse

attack

E-mails sent to

headquarters

FBI Notified Surprise

Arrest

Query Knowledge

Base

Get go-ahead

with attack

Caught On CCTV

Camera

Grids sent more data on Jamal

CEWPS predict 65%

Attack

E-mail intercepted

Visit-1 to Penn

StationTake

Pictures

CEWPS is processing

data

Phone calls to

headquarters

Visit-1 to WTC

Amtrak Notified

July3dAttack date

CEWPS predict 87%

Attack FBI atPenn

Station

Thursday 2:45 PM

Document and send

to KB

Bayes Acyclic Attack Network (Part-2)

Bayes is a scientific approach to quantify our degree of certainty on the basis of incomplete information


Complete Attack Network


CEWPS can live on the cloud


Trafficking Services White Slavery Services Spying Services

Suicide Services

Terror as a Service

Hacking Services

Terrorism Service Providers

Cyberterrorism is big time on the cloud

Drug Traffiking Services


The CEWPS™ Cloud Services

Data Collection Services

Early Warning Services

Attack Prediction Services

Subscriber Network

VPN Gateway

Secure VPN Connection


The Newark Bombing Scenario


Thank you For Further Questions or inquires

Dr. Rocky Termanini

Email: [email protected]

mailto:[email protected]

acquiring & exploiting knowledge for predicting acts of terrorism

Documents

rocky termanini

country copyright

jihad copyright

form copyright

cause copyright

term copyright

history of egypt copyright

holy war copyright