Terrorists are continuously learning to use the Internet as an accessible and cost-effective information infrastructure. Secure and non-secure web sites, online forums, and file-sharing services are routinely used by terrorist groups for spreading their propaganda, recruiting new members, and communicating with their supporters, along with sharing knowledge on forgery, explosive preparation, and other “core” terrorist activities. The current number of known terrorist sites and active extremist forums is so large and their URL addresses are so volatile that a constant manual monitoring of their multilingual content is definitely out of the question. Moreover, terrorist web sites often try to conceal their real identity, e.g., by masquerading themselves as news portals or religious forums. This is why automated Web Intelligence and Web Mining methods are so important for efficiently securing the Web against its misuse by terrorists and other dangerous criminals.

This book contains chapters by the key speakers of the NATO Advanced Research Workshop on Web Intelligence and Security that took place on November 18-20, 2009 in Ein-Bokek, Israel. The goal of the Advanced Research Workshop was to bring together scientists and practitioners interested in recent developments in exploiting data and text mining techniques for countering terrorist activities on the Web. The emphasis was placed on presenting available methods and tools that can alleviate the information overload of intelligence and security experts. The main areas of discussion included terrorism origins, the threats of the “Dark Web”, web content mining and Open Source Intelligence (OSI), text mining and data mining methods for security applications, and methods of Financial Intelligence (FI) for stopping terror financing activities. State-of-the-art solutions and open problems in the defense against web-based crime were highlighted by world-renowned experts in intelligence and security informatics (ISI) from eight NATO countries, three Partner countries, and one Mediterranean Dialogue country. The videos of all presentations are posted on the Workshop website (http://cmsprod.bgu.ac.il/Eng/conferences/nato2009/). The Workshop was attended by 44 participants from 15 countries.

Similar to the Workshop program, this volume is organized into three main parts: Terror and the Dark Web, Web Content Mining and Open Source Intelligence, and Data and Text Mining for Security. A brief overview of each part is provided below.

Part I, Terror and the Dark Web, discusses the current and future threats of the Internet misuse by terrorists and other malicious elements. These threats include hardly predictable (“black swan”) events caused by cyberterrorism (Chapter 1 by A. Kandel), new ways of terror financing as a result of the worldwide finance crisis (Chapter 2 by J. Bollag), the increasing use of social networking tools by terrorists (Chapter 3 by G. Weimann), the “Virtual Jihad” as the source and the “trigger” of the “Real Jihad” (Chapter 4 by Sh. Shay), and highly effective cyber attacks based on a variety of “social engineering” tricks (Chapter 5 by A. Barseghyan).

Part II, Web Content Mining and Open Source Intelligence, presents state-of-the-art algorithms and tools aimed at detecting and monitoring malicious activities on the Web. Several web-based early warning systems and multi-lingual information extraction tools are described by C. Best in Chapter 6. An ontology-driven information extraction approach to discovering extremist groups from the Dark Web is presented by Hladky et al. in Chapter 7. The problem of Internet traffic monitoring poses new challenges and research directions, which are discussed by B. Porat and E. Porat in Chapter 8. Chapter 9 by G. Margarov describes data hiding using steganography and some steganalysis techniques for detecting such hidden information. Finally, a new approach to detecting Internet banking fraud and money laundering transactions is presented in Chapter 10 by M. H. Özçelik and E. Duman.

Part III, Data and Text Mining for Security, covers several data mining and text mining methods that can be used to efficiently analyze the massive amounts of multi-lingual Web content. These methods include data stream mining algorithms (Chapter 11 by J. Gama et al.), visual analytics techniques (Chapter 12 by D.A. Keim et al.), fuzzy system models (Chapter 13 by I. B. Türkşen), fuzzy logic approaches to database querying (Chapter 14 by J. Kacprzyk and S. Zadrożny), query log analysis (Chapter 15 by R. Baeza-Yates), natural language understanding tools (Chapter 16 by D. Roth), automated summarization of multilingual textual content (Chapter 17 by M. Last and M. Litvak), and semantic web applications (Chapter 18 by V.F. Khoroshevsky).

Acknowledgements

We are grateful to the NATO Science for Peace and Security Programme for their generous support of the Advanced Research Workshop on Web Intelligence and Security and the publication of this book. We are also grateful to the Homeland Security Research Institute, Ben-Gurion University of the Negev, Israel who has sponsored the videotaping of the Workshop presentations. We thank all key speakers and other Workshop participants for making it such a successful event. Our special thanks go to Ms. Keren Solomon, the Workshop Secretary, for her hard and remarkable work before, during and after the Workshop.

Mark Last and Abraham Kandel

June 2010