Detecting significant changes in dark networks

Abstract

To date, most social network analyses (SNAs) of terrorist groups have used network data that provide snap-shots of the groups at a single point in time. Seldom have they used network data that take into account how the groups have changed over time. In this article, a unique longitudinal network data set, the Noordin Top terrorist network from 2001 to 2010, is examined in order to explore whether a recently developed method – social network change detection (SNCD) – can help analysts monitor a dark network’s topography (e.g. centralization, density, degree of fragmentation) in order to detect significant changes in its structure and identify possible causes. The application of change detection to this historical data set illustrates the method’s potential usefulness, including its ability to detect significant changes in the network in response to a series of exogenous factors, such as the acquisition of bombing materials, the capture of key leaders and groups, and the death of Noordin himself. The method’s inability to detect other significant events, however, highlights important limitations when working with it. While SNCD should not be the only method analysts have at their disposal, the results detailed in this article suggest that it should be included in their toolkit.