Covert Network Detection

Network analysis has been a major research area over the last ten years, driven by interest in biological networks, cyber attacks, social networks, and criminal or terrorist organizations. This range of applications is illustrated in Figure 1. Detection of a covert community is most likely to be effective if the community exhibits high levels of connection activity. However, the covert networks of interest to many applications are unlikely to cooperate with this optimistic assumption. Indeed, a " fully connected network is an unlikely description of the enemy insurgent order of battle [1]. " A clandestine or covert community is more likely to appear cellular and distributed [2]. Communities of this type can be represented with " small world " models [3]. The covert networks of interest in this paper exist to accomplish nefarious, illegal, or terrorist goals while " hiding in plain sight [4, 5]. " Covert networks necessarily adopt operational procedures to remain hidden and robustly adapt to losses of parts of the network. For example, during the Alge-rian Revolution, the National Liberation Front's (FLN) Autonomous Zone of Algiers (ZAA) military command was ''carefully kept apart from other elements of the organization, the network was broken down into a number of quite distinct and compartmented branches, in communication only with the network chief, " allowing ZAA leader Yassef Saadi to command " within 200 yards from the office of the [French] army commandant... and remain there several months [6]. " Valdis Krebs' reconstruction of the 11 September 2001 terrorist network details the strategy for keeping cell members distant from each other and from other cells, and notes Osama Covert network detection is an important capability in areas of applied research in which the data of interest can be represented as a relatively small subgraph in an enormous, potentially uninteresting background. This aspect characterizes covert network detection as a " Big Data " problem. In this article, a new Bayesian network detection framework is introduced that partitions the graph on the basis of prior information and direct observations. We also explore a new generative stochastic model for covert networks and analyze the detection performance of both classes of optimal detection techniques.