Defence, Intelligence and Homeland Security
The uses of IntuView technology in the fields of Defense, Intelligence and Homeland Security are manifold: Document Exploitation (DOCEX) and Content Forensics of captured digital storage media, Open Source Intelligence (OSINT), Cyber Threat Monitoring, Social Media Monitoring in theatres, Improvised Explosive Device (IED) recipe identification, Name Matching and more.
DOCEX
In counter-terrorism operations, tens of millions of documents are seized or intercepted annually. Western intelligence agencies, militaries, and law enforcement agencies need to extract the information of high intelligence value contained in such documents efficiently and rapidly, and to pass the intelligence on for operational exploitation. However, existing methods of triage and intelligence extraction are too slow and labor-intensive, and they miss cultural and religious allusions that may be the key to future dangers.
IntuScan™ DOCEX for Homeland Security is designed to help the user find the most relevant documents in a large batch. Users can define what characterizes a relevant document using all the information extracted by the system. IntuScan™ DOCEX for Homeland Security can be used both in the field, where real-time triage and first-tier exploitation of captured and intercepted documents is imperative, and at Headquarters, where masses of documents must be processed and analyzed together.
Social Media Monitoring
The IntuView Social Media Monitor can be applied as follows:
- Mapping of the individuals, organizations, and places that are in the focus of the various groups, the elements that are involved in the discourse, and the co-relationships between them.
- Identification of foreign fighters by their use of their native languages or references. This could support analysis of the involvement of foreign fighters, the national origins of those fighters, and the extent of their links and projection back to their home countries, which may lead to terrorist recruitment or destabilization.
- Mapping of relations between the groups and within them through co-references of persons, places, and organizations and through sentiment, to provide a picture of clusters of actors in the field by individual identity or type. This would provide not only a static picture but also a basis for analysis over the period of the pilot.
- Analysis of the leadership and command and control within the different groups. This will include relations of command and control, hostility, family-tribe, mentor-follower, etc.
- Analysis of sentiment of the rank and file of the different factions vis-à-vis their leadership, the regime and other involved parties.
- Mapping of targets, missions (“near enemy” or “far enemy”) and short-term and long-term goals of the objects of analysis.
Cyber Threat Monitoring
The requirements of cyber-threat intelligence call for an “all-source” discipline for collection, taking into account OSINT, social media, HUMINT reporting, indicators from the cyber-environment itself and, finally, extrapolation from analysis of the adversary to identify its possible course of action in cyber-aggression.
Crawling/scraping technologies play a critical part in this task, especially in collection on the “Deep Web” and the “Dark Web”. The IntuView ontology-based text analytics is tailored to the domain of cyber threats and combines the understanding of natural language with components for understanding programming languages. This includes:
- Categorisation of natural language texts in different languages (English, Russian, Chinese, Arabic, Farsi, etc.) as relating to the cyber/hacking domain and, in further detail, to a certain type of cyber threat.
- Performing full processing of the texts themselves to extract the actual topic and intent of the text. This task entails building both the ontology of the domain and the idiosyncratic lexicon of the hacker “sub-register” of the languages. Since hacking and cyber threats are a “globalized” domain, one of the challenges is to identify concepts that are either “translated” or “transliterated” from “Hackerenglish” to “Hackerrussian” and other hybrid language registers.
- Cyber-Language Processing, along the lines of traditional NLP, for programming languages, based on lexicons of programming languages that are linked to the cyber ontology. Snippets of code then become lexical instances that are linked to one or more ontological instances. This enables identification of typical commands and snippets of code in correspondence; matching them with information from the natural language text can indicate the likelihood that the text deals with a certain type of attack.
- Ontology-based domain-specific classification of the texts.
IED
Instructions for building munitions – from simple personal arms to improvised explosive devices, and even CBRN weapons – are ubiquitous on the Internet and are conveyed in various channels (Email, SMS, etc.). Identification, interpretation, and assessment of the operational implications of such materials are prime missions of intelligence and law enforcement agencies. IntuView technology is applied to the identification of potential recipes for explosives.
The IED Module of IntuScan™ detects, analyzes, categorizes and summarizes documents containing instructions (recipes) for the preparation of improvised explosive devices. This module is based on proprietary algorithms, which identify chemical substances, procedures, safety measures and amounts and match them with a large and comprehensive database of known "recipes" for improvised explosives used by terrorists.