Challenges in Terrorist Behavior Prediction and Detection by Technological Systems

This post is also available in: עברית (Hebrew)

By Or Shalom

Terrorism has been a major international challenge concerning the world ever since the French Revolution up until now. During the 1970s, the term has become specific to terrorist warfare against civilians. The September 11 attacks have marked a substantial shift as the largest terrorist attack in history.

The use of terrorism as a tool for achieving political ends can harm and threat governments and democracy, but not less than that, to harm the security of innocent civilians. For this reason, governments have been investing resources also in the research and technology arena in order to predict terror acts in advance.

Terrorism is based on the notion that the terrorist act will be operated by a person or a group, at a supposedly random place and time. However, it is important to develop scientific concepts alongside technological capabilities in order to enable the prediction of terrorist activity – including its various circles.

Prediction capabilities are based, among others, on mathematical models, such as the HAWKES (Hawkes Alan) for predicting criminal and terrorist trends. It is assumed that, similarly to earthquakes, there are signs and movements before, during and after the incident. The central incident has early activities and signs and can have repercussions over the incidents that follow. When a certain incident occurs, there is a higher probability of similar incidents for a while. As more and more time passes from the original incident, the probability for additional incidents gets lower.

There are quite a few dedicated technologies for collecting information on terror intentions and attacks from the internet network. These processes are based on the analysis of links, news articles, and posts on social media, cross-checking of names in various terrorism and hostile destructive activity databases, etc. These capabilities depend on the level of cooperation between states, intelligence agencies and enforcement organizations, among other factors. 

Meta-data (information about information) analysis is another capability producing additional information from the relevant information. This competence offers mainly a retrospective glance on the incidents sequence, links among entities, social media activities, information regarding financial transactions (e.g. unusual flight tickets purchase), traveling patterns, internet activity, etc. The analysis of the information can provide insights regarding the sequence of incidents, and – when required – also about IPs, telephone numbers, inference on dominant stakeholders and other identifiers. Of course, the integration and application of AI tools can provide more effective analysis of information gathered from the global network.

However, this is a complex task, taking into account that terrorists operate in small groups, sub-groups, and sometimes individually on their way to their mission and target. This provides them with high-level compartmentalization, by using tools and disguise in order to avoid detection also on the web. The Safety and Security Guidelines for Lone Wolf Mujahideen and Small cells, released by ISIS in 2016, was intended for encouraging individuals to perpetrate attacks. It also provided insights about careful preventive measures on the web as well as on the physical environment, while refraining from suspicious behavior. The handbook provided guidelines for using a cover story, coping with random police checkpoints on the way, and tools and instructions for anonymous browsing on the web and the darknet as part of getting organized, collecting and exchanging information.

Due to the complexity of terrorist intents detection on the web, as well as legal rights aspects, there is a need to explore tactical detection capabilities, as an additional (and sometimes – compensating) layer. In some cases, such solutions are required on the scene.

There are quite a few advanced, dedicated solutions, such as biometric systems, for the detection of suspects on the basis of voice signatures, cross-checking the images of the arriving crowd cross-checked with the network’s databases. This application can be attractive in areas such as an airport terminal, entrance halls and crowded areas at embassies and consulates, train stations, theater venues, malls, etc.. Here also, the response is not always perfect because of legal aspects as well as the possibility that the current assailant doesn’t have any signature on the web, or any past terrorist or criminal record.

Therefore, the use and application of smart analytics and AI capabilities in cameras at the tactical arena have major potential at the final layer before the operation.

The deployment of warning systems at this layer is vital, taking into account that the terrorist has been operating anonymously in a departmentalized manner up to the minute of operation. This is the reason why it could be the last opportunity to stop and prevent the operation. Resources, hardware costs, storage dimensions, and the capability to extract Big Data from various systems enable, and even require, the application of capabilities in this tactical arena.

As a rule, the major advantages of AI emanate from the fact that it is more enhanced than human processes and operations, thanks to learning and accommodation processes, sensing and interaction, the planning of procedures and parameters, autonomy, creativity, and the extraction of knowledge and forecasting from a wide range of digital data. These advantages are substantial in the security realms as they provide analysis and optimization capabilities that are not based on subjectivity and discrimination (e.g. tagging people on the basis of race, religion).

The ability to produce, to import, and enrich the database into suspected behavior patterns can contribute to the improvement of analytics and performance. This is due to the fact that the persons already on the scene naturally produce physiological patterns and behavioral indicators that can be analyzed and learned, and therefore can predict and detect unusual behavior and anomaly.

Camera-based analytics is already available, alerting on weapon draw in order to shoot. The system can be taught to rank additional indexes. The higher the system is ranked – the more concrete is the threat. Suspected behaviors can be defined as patterns of cumbersome walking disguising something or carrying heavy equipment, unexplained wandering around out of nervousness or in order to map the arena, leaving a bag at the arena within a 10-meter radius, transferring objects, etc.

In 2016, an explosion occurred at an aircraft taking off from an airport in Mogadishu, the capital of Somalia. The security images showed two employees at the internal part of the airport transferring to the terrorist, Abdulahi Abdisalam Borle, the booby-trapped laptop that eventually caused the explosion. This is a classical example of the definition of camera analytics dedicated to object attribution or transfer between two people in unauthorized areas that could have prevented this internal threat scenario at the airport.

Although there is a lot of scientific research being conducted in an attempt to improve capabilities in this field, there is genuine potential in the deployment of analytics and AI in technological security systems, both from the aspects of terror thwarting in the tactical arena and, of course, business potential in the HLS fields. 

Or Shalom – Security and cyber expert and consultant to government ministries and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of HLS and Cyber Security. He has experience in security, innovation, planning and characterization of technological security systems, HLS and Cyber preparedness. Mr. Shalom leads centers of excellence and advanced training programs in Cyber and HLS for various organizations in the civilian and infrastructure sectors.