Content-Based Detection of Terrorists Browsing the Web Using an Advanced Terror Detection System (ATDS)

  • Yuval Elovici
  • Bracha Shapira
  • Mark Last
  • Omer Zaafrany
  • Menahem Friedman
  • Moti Schneider
  • Abraham Kandel
Part of the Integrated Series In Information Systems book series (ISIS, volume 18)

Many terror-related groups use the Web as a convenient, anonymous communication infrastructure. This infrastructure enables the exchange of information and the propagation of ideas to active and potential terrorists. The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of the information they access. In this chapter we present an advanced version of TDS (ATDS), in which the detection algorithm was enhanced to improve detection and reduce false alarms. ATDS was implemented and evaluated in a network environment of 38 users, and its performance was compared with that of the basic TDS. The behavior of suspected terrorists was simulated by accessing known terror-related sites. The evaluation also included a sensitivity analysis aimed at calibrating the settings of ATDS parameters to optimize its performance. The evaluation results suggest that ATDS significantly outperformed TDS and was able to reach very high detection rates when optimally tuned.


Keywords: True Positive, Anomaly Detection, Queue Size, Learning Mode, Information System Engineer
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Yuval Elovici (1)
  • Bracha Shapira (1)
  • Mark Last (1)
  • Omer Zaafrany (1)
  • Menahem Friedman (1)
  • Moti Schneider (2)
  • Abraham Kandel (3)

  1. Department of Information Systems Engineering, Ben-Gurion University of the Negev, Israel
  2. School of Computer Science, Netanya Academic College, Israel
  3. Department of Computer Science and Engineering, University of South Florida, Tampa, USA
