B. Specific Terrorist Network Analysis Techniques
Terrorist networks are covert networks. Covertness is the major difference between terrorist and regular social networks. In a terrorist network, ties between participants are usually strong, but not transparent or visible in everyday routine. Relations are long-term; participation in a terrorist plot requires a high level of trust in the network. Terrorist networks are often “sleeping”; they are prepared, but remain inactive. This way they are more difficult to uncover.
As Krebs [8] noticed, a covert network must be active at times. It is during these periods of activity that they may be most vulnerable to discovery. Social networks in covert organizations tend to structure themselves towards better efficiency or robustness [9]. According to the definition of efficiency in [10], the most efficient network is a clique of the size of the network (a complete graph with density equal to 1). Yet, this structure makes terrorist networks vulnerable to detection. If one suspect is uncovered, observation of this suspect allows investigators to determine all suspects that are connected to this suspect. Hence, the whole network would be easily disrupted. This example shows that terrorist networks cannot operate in the same way as regular social networks. Terrorists want to keep their actions (attacks are an exception) and relations hidden from the public. According to Baker and Faulkner [11], the need for secrecy is crucial to covert networks. Thus, terrorist networks have to find a balance between efficiency and secrecy.
What then determines the secrecy of a network? Lindelauf et al. [3] propose a measure of secrecy which is defined by two parameters: the exposure probability and the link detection probability. The exposure probability applies to individual nodes and depends on the location in the structure. It is defined as the probability of a member of the network being detected as a terrorist. Link detection probability represents the chance of exposure of a part of the network if a member is detected.
Considering the above measure of secrecy, the safest structure of a terrorist network would be a path graph, where all the nodes know only two neighboring nodes. Looking at this structure from an information exchange perspective, the weakness is obvious. Information has to travel a long distance from one part of the network to another, and that decreases the efficiency of the network. The lower the efficiency, the worse the communication and coordination in the network – to the point where launching a successful operation becomes impossible.
According to the definition in [10], efficiency is a measure to quantify how efficiently the nodes of a network can exchange information. To calculate the efficiency of a network, all the shortest path lengths between any pair of nodes in the graph must be calculated. The assumption is made that every link can be used to transfer information in the network. The efficiency is calculated in two parts: (1) the inverse of the sum of the shortest paths between any pair of nodes is calculated; (2) the result from (1) is divided by the possible number of pairs of nodes to find the average efficiency of the network.
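The trade-off between the clique and the path graph can be made concrete with a short computation. The following is an added example, not code from the paper or from [10]: it assumes efficiency is read as the average of inverse shortest-path lengths over all node pairs (the reading under which the complete graph is the most efficient structure, as stated above), and `mean_direct_exposure` is a hypothetical proxy for how much of the network one observed member reveals, not the secrecy measure of [3].

```python
from collections import deque

def bfs_distances(adj, source):
    """Shortest-path lengths (in hops) from source to every reachable node."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def efficiency(adj):
    """Average of 1/d(i, j) over all ordered pairs i != j (assumed reading of [10]).
    Unreachable pairs contribute 0, so a disconnected graph scores lower."""
    n = len(adj)
    if n < 2:
        return 0.0
    total = 0.0
    for s in adj:
        dist = bfs_distances(adj, s)
        total += sum(1.0 / d for node, d in dist.items() if node != s)
    return total / (n * (n - 1))

def mean_direct_exposure(adj):
    """Hypothetical proxy: average fraction of the other members that are
    direct contacts of a single observed member (mean degree / (n - 1))."""
    n = len(adj)
    if n < 2:
        return 0.0
    return sum(len(neigh) for neigh in adj.values()) / (n * (n - 1))

def complete_graph(n):
    """Clique: every node is linked to every other node."""
    return {i: {j for j in range(n) if j != i} for i in range(n)}

def path_graph(n):
    """Path: each node is linked only to its predecessor and successor."""
    return {i: {j for j in (i - 1, i + 1) if 0 <= j < n} for i in range(n)}

if __name__ == "__main__":
    # Constructed 6-node graphs, not data from the paper.
    for name, g in (("clique", complete_graph(6)), ("path", path_graph(6))):
        print(f"{name}: efficiency={efficiency(g):.3f} "
              f"direct exposure={mean_direct_exposure(g):.3f}")
```

On six nodes the clique scores 1.0 on both quantities, while the path graph trades efficiency (0.58) for a much smaller directly observable neighbourhood (about 0.33).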
Various measures used in TNA will be exemplified below by describing them in relation to the 9/11 hijackers and associates network presented in [8] (Figure 1).