Unveiling the digital web of extremism with graph-based analytics

The world is increasingly connected and so is the data representing our reality. Table-based tools and technologies, such as spreadsheets and dashboards, are not sufficient to understand the complexity and take advantage of connections in today’s data. This highlights the need for graph-based data analysis.

This article explores how leveraging interconnected data within a knowledge graph enables mission-critical alerting functionality to a significantly more advanced and potent level. 

Rather than being limited to single entity attributes and 1-hop changes, graph-based alerts can be generated on complex, deep network patterns that occur within the knowledge graph. This capability allows for complex and flexible alert logic to be created, such as “alert me when a financial link is created between a specific crypto account and specific organisation”, or “alert me when known affiliates post on social media and these posts are engaged with, as in liking or sharing”.

Alert me when known affiliates post on social media and these posts are engaged

Let’s look at an alerting example aiming to monitor suspicious terrorist activity on social media. Here the user is interested in any content related to extremism and racism, with a violent tone or negative sentiment. Using natural language processing, it becomes possible to analyse the underlying context and meaning within these posts. Scores like Sentiment, Tone and Threat can be extracted from the post. Additionally, the extent to which a particular post goes viral can serve as a robust indicator of the level of support and acceptance of the post’s topic within its specific social group.

In this example, an alert has been set to monitor a group of suspects’ social media posts. Using Hume’s alerting functionality, the alert trigger was set to: Alert me when a terrorist suspect is posting content on social media that is related to extremism and racism, and it has a violent tone, a negative sentiment, a threat score of over 75% and a viral reach over 100.

Alert me when a financial link is created between specific crypto account and specific organisation

Let’s examine an automated alerting example using the terrorist organisation monitoring use case. The aim is to unveil any financial links between identified cryptocurrency accounts and associates of terrorist organisations. Say a large sum of funds has been traced to a suspicious cryptocurrency account, and the focus is on determining whether this account is involved in financing a terrorist group. Is there any possible way these two entities may be financially connected with one another? Pathfinding examples such as this one are where graph-based alerts shine. Graph databases allow easy and efficient implementation of pathfinding algorithms that would otherwise be resource intensive if not impossible with traditional relational databases.

In this specific case, the alert is triggered for indirect transactions between the known crypto account and the cyber-terrorist organisation. On the left-hand side of the sub-grap is a crypto account that is known to be connected to a cyber-terrorist organisation backed by the authoritarian regime. The association was made from a previous ransomware attack performed by APT33 on a civilian company. On the right-hand side, the chain of relationships (crypto transfers) indicates that Galactic Innovations Corp supports the ATP33 cyber-terrorist organisation.The alerting logic was flexible enough to identify and alert on this interaction, even when the connection was indirect.


GraphAware’s expertise and thought leadership in graph technologies have consistently delivered exceptional value to intelligence agencies worldwide. With a decade of practical experience and a strong consulting background in deploying and integrating graph intelligence solutions, they are a trusted partner to numerous law enforcement and intelligence agencies across the globe.

Join their upcoming webinar to learn how Knowledge Graphs can unveil terrorist sleeper cells from OSINT, phone forensics and government data or schedule a meeting and visit them at stand 4 K089 at Milipol Paris 2023 from 14-17 November for live demo.

Leave a Comment

Your email address will not be published. Required fields are marked *