Feature Article: Five Steps to Finding and Stopping the True Terrorist Threat
by Jessica Bradley
January 2008
[This article is an abridged version of a white paper by the same name. To immediately download the full text version, go to http://bobcatonline.com/whitepaper.html ]
In this article, we provide an overview of techniques developed by the Decisive Analytics Corporation (DAC) to find and stop the true terrorist threat. These five steps, captured in our BOBCAT approach for intelligence analysis, can:
- Process massive amounts of structured and unstructured data and quickly identify themes of activities that are occurring.
- Identify relationships between entities in the data that may otherwise go unnoticed.
- Enable analysts to focus on what data is important and ask questions that result in accurate conclusions faster than ever before.
Attacking the Network Case Study
To showcase the techniques that we have developed in BOBCAT, we provide a case study. In this example, we asked our intelligence analyst, Jim, to analyze the data using BOBCAT and provide results. The purpose of this blind test was to answer two questions:
- How long would it take for an analyst to use BOBCAT to arrive at detailed conclusions from a previously unanalyzed set of intelligence reports?
- How accurate would the results be as compared to the known truth?
The end goal was to create a presentation that we could use to brief our Commanders on the situation. The rest of this white paper focuses on how Jim reached the answers to the above questions.
Step 1: Process Raw Unstructured Intelligence Reports
To start the analysis, Jim ran the intelligence data through BOBCAT to identify themes, networks, and locations of activities. At this stage, BOBCAT Themes has analyzed each report, identified the number of themes present, and placed each report into one or more themes based on its content. Themes are created automatically, with no prior user input. Additionally, intelligence reports can be categorized across multiple themes (they are not restricted to just one). This is particularly important with intelligence data that can cross multiple subjects of discussion.
Step 2: Characterize Themes in Readable Form
Jim quickly found that because he could easily see how much a given report contributed to a theme, he only needed to read the one or two reports most strongly associated with each theme. By doing this, he was able to understand why the words were categorized in the original theme visualization, and he could easily assign readable titles to each theme for easy recall. Jim quickly had a broad understanding of the 12 key themes present in the intelligence data. This is much less time than would have been required to obtain a similar breadth of understanding by reading all of the reports.
Step 3: Questions and Answers
Through the process of coming to understand the themes covered in the text, Jim was able to generate focused queries using the BOBCAT application. For example, one theme focused on a school, so Jim ran a more focused query (“school”) that returned 6 relevant reports. By skimming these, Jim learned that maps found in the home of a suspected insurgent, Al-Obeidi, had red circles around likely targets for an attack. One was a hospital in Yarmuk, while the other was a primary school in Bayaa. He asked other questions like these and was able to quickly draw useful conclusions about the content of the data.
Step 4: Identifying Relationships between Entities and Themes
At this point, Jim felt he had a good understanding of the themes present in the intelligence data, the key events that had been identified, and some of the key characters. However, he did not have a clear picture of how all of these characters and events were related. To get that picture, Jim turned to the BOBCAT Networks capability. BOBCAT Networks relies on the output of Themes to generate an “affinity” view. Affinity is defined as the strength of the relationship between two entities that are identified in the data. In this context, an entity could be a person, place, or organization. The affinity-driven metric captures all of the complexity associated with such social relationships and, if not managed correctly, can be difficult to interpret (sometimes referred to as the “hairball problem”). Jim was able to analyze the network and discover the meaning behind the relationships found in the data.
Step 5: Actionable Intelligence
Through this analytical process using BOBCAT, Jim concluded that two suspected insurgents, Al-Obeidi and Mashhadan, were close to executing a liquid explosives attack which was probably directed at the primary school in Bayaa, although there was some chance that the hospital in Yarmuk was the target. Furthermore, he determined that an ambulance would be the most likely means to deliver the explosives. Jim was also able to provide details on other key people that were involved in planning, training for, and executing the attack. The time required to reach this conclusion, as measured from connecting to the set of intelligence data to final analytical product delivered, was 1 hour and 11 minutes; far less than the several hours required to read all of these reports individually and draw connections among the disjoint themes.
Summary and Conclusions
We presented these results to a panel of military experts who knew the background story behind the scenario. Their feedback indicated Jim’s conclusions were all correct, and that we had successfully gained enough actionable intelligence to prevent the attack in about an hour’s time. This prevention occurred by using the five step analytical approach that we have encapsulated in the BOBCAT approach.
I look forward to your feedback on this article.
Jessica
jessica.bradley@dac.us