Covert Network Detection

SpeakerDr. Steven Smith
Organization Massachusetts Institute of Technology
LocationMRC 136
Start Date June 9, 2014 1:00 PM
End Date June 9, 2014 2:00 PM


Network detection is an important capability in many areas of applied research in which data can be represented as a graph of entities and relationships. Oftentimes the object of interest is a relatively small subgraph in an enormous, potentially uninteresting background. This characteristic of the problem can cause it to be labeled as a "big data" problem.  Graph partitioning and network discovery have been major research areas over the last ten years, driven by interest in internet search, cyber security, social networks, and criminal or terrorist activities.  The specific problem of covert network discovery is addressed as a special case of graph partitioning in which membership in a small subgraph of interest must be determined and an emphasis is placed on the hard problem of detecting covert networks, which across application domains are strictly compartmented and adopt secure conops to avoid detection and adapt to losses. An exploitation architecture designed to use Multi-INT for network discovery is presented with a motivating example. Algebraic graph theory is used as the basis to analyze and compare different network detection methods.  A new Bayesian network detection framework is introduced that partitions the graph based on prior information and direct observations. The new approach, called space-time threat propagation, is proved to maximize the probability of detection and is therefore optimum in the Neyman-Pearson sense.  This optimality criterion is compared to spectral community detection approaches that divide the global graph into subsets or communities with optimal connectivity properties. We also explore a new generative stochastic model for covert networks and analyze using receiver operating characteristics the detection performance of both classes of optimal detection techniques. Detection performance results consistent with theory are provided using both stochastic blockmodel simulations of covert networks embedded in a large background, and threat networks from real-world MOVINT and Email networks.



Steven Thomas Smith received the B.A.Sc. degree in electrical engineering and mathematics from the University of British Columbia, Vancouver, BC in 1986 and the Ph.D. degree in applied mathematics from Harvard University, Cambridge, MA in 1993. From 1986 to 1988 he was a research engineer at ERIM, Ann Arbor, MI, where he developed morphological image processing algorithms. He is currently a senior member of the technical staff at MIT Lincoln Laboratory, which he joined in 1993. His research involves algorithms for adaptive signal processing, detection, and tracking to enhance radar and sonar systems performance. He has taught signal processing courses at Harvard and for the IEEE. His most recent work addresses intrinsic estimation and superresolution bounds, mean and variance CFAR, advanced tracking methods, and space-time adaptive processing algorithms. He was an associate editor of the IEEE Transactions on Signal Processing (2000-2002), and received the SIAM outstanding paper award in 2001.

  June 2014
Sun Mon Tues Wed Thu Fri Sat