This article reports on the development of a comprehensive version of a graph pattern matching technique called Investigative Search for Graph Trajectories (INSiGHT) to find emergent patterns of behaviors in networks and tailor the application to detecting radicalization in the homeland security domain.
The search in graph databases for individuals or entities undertaking latent or emergent behaviors has applicability in the areas of homeland security, consumer analytics, behavioral health, and cybersecurity. In this setting, even partial matches to hypothesized indicators are worthy of further investigation, and analysts in these domains aim to identify and maintain awareness of entities that either fully or partially match the queried attributes over time. To enable analysts' accounting of recurring behavioral indicators and the recency of behaviors as the imminence of a threat, the current project developed parameterized methods to score multiple occurrences of indicators and to dampen the significance of indicators over time, respectively. In addition, it used an indicator categorization scheme and a match filtering technique to ensure that partial matches to the most salient indicators are identified, while reducing the number of false positives. Furthermore, since individuals may be radicalized in small groups or be involved in collective terrorist plots, a non-combinatorial neighborhood matching technique was developed that enables analysts to use INSiGHT to identify potential query matches from clusters of individuals who may be operating in conspiracies. The project demonstrated the performance of its approach by using a synthetic radicalization data set and a large, real-world data set of the BlogCatalog social network. (publisher abstract modified)