Bayesian Discovery of Threat Networks
This addresses the problem of detecting covert threat networks for security applications, representing a novel methodological contribution.
The authors developed a Bayesian framework for detecting threat networks using partial observations, proving their algorithm is optimal in the Neyman-Pearson sense and demonstrating significant performance improvements on coordinated covert networks.
A novel unified Bayesian framework for network detection is developed, under which a detection algorithm is derived based on random walks on graphs. The algorithm detects threat networks using partial observations of their activity, and is proved to be optimum in the Neyman-Pearson sense. The algorithm is defined by a graph, at least one observation, and a diffusion model for threat. A link to well-known spectral detection methods is provided, and the equivalence of the random walk and harmonic solutions to the Bayesian formulation is proven. A general diffusion model is introduced that utilizes spatio-temporal relationships between vertices, and is used for a specific space-time formulation that leads to significant performance improvements on coordinated covert networks. This performance is demonstrated using a new hybrid mixed-membership blockmodel introduced to simulate random covert networks with realistic properties.