Interoperability and Targeted Attacks on Terrorist Organizations Using Intelligent Tools from Network Science

Abstract

The early intervention of law enforcement authorities to prevent an impending terrorist attack is of utmost importance to ensuring economic, financial, and social stability. From our previously published research, the key individuals who play a vital role in terrorist organizations can be timely revealed. The problem now is to identify which attack strategy (node removal) is the most damaging to terrorist networks, making them fragmented and therefore, unable to operate under real-world conditions. We examine several attack strategies on 4 real terrorist networks. Each node removal strategy is based on: (i) randomness (random node removal), (ii) high strength centrality, (iii) high betweenness centrality, (iv) high clustering coefficient centrality, (v) high recalculated strength centrality, (vi) high recalculated betweenness centrality, (vii) high recalculated clustering coefficient centrality. The damage of each attack strategy is evaluated in terms of Interoperability, which is defined based on the size of the giant component. We also examine a greedy algorithm, which removes the node corresponding to the maximal decrease of Interoperability at each step. Our analysis revealed that removing nodes based on high recalculated betweenness centrality is the most harmful. In this way, the Interoperability of the communication network drops dramatically, even if only two nodes are removed. This valuable insight can help law enforcement authorities in developing more effective intervention strategies for the early prevention of impending terrorist attacks. Results were obtained based on real data on social ties between terrorists (physical face-to-face social interactions).

1. Introduction

Terrorism continues to be a persistent and intricate threat to global stability, compelling modern states to allocate substantial resources toward devising effective counter-terrorism measures. Law enforcement agencies face critical questions that demand immediate and accurate answers—chief among them is the research question this paper aims to address: which intervention strategy would be the most effective to prevent a possible terrorist activity? While scholars from various disciplines have offered varying solutions to this complex issue, our study takes an innovative approach by employing intelligent tools from network science. These tools, such as real-time recalculated network centrality measures, provide a nuanced understanding of the fluid and dynamic nature of terrorist organizations. By leveraging these intelligent tools, this paper seeks to offer law enforcement authorities targeted, adaptive, and empirically validated counterterrorism strategies that are effective in real-world scenarios.

Terrorism is a complex phenomenon that has attracted global attention, especially after the 9/11 attack [1,2]. Despite the recent research activity in the field, there is still a significant knowledge gap, about the relationship between terrorism and psychiatric disorders, radicalization processes, and the effectiveness of preventative measures [3,4,5]. Today’s terrorism research is mainly focused on transnational and homegrown terrorism [1,2,6]. The term “radicalization” is frequent in the counter-terrorism terminology. However, it presents interpretive ambiguities and questions the balance between addressing violent extremism and promoting societal cohesion [3]. The groupthink phenomenon adds further complexity, challenging rational choice theory in the sense that certain social groups may adopt terrorism due to irrational decision-making [4]. In response to these complexities, counter-terrorism strategies should be comprehensive and evidence-based [3,5,6]. In this context, the role of social media platforms in promoting societal cohesion and preventing the spread of extremist ideologies cannot be ignored [2]. Concerning Islamic terrorism, although invoking Islam, does not imply a direct connection with the religion itself. This kind of terrorism needs an exploration of the criminological, psychological, and social dimensions of radicalization [7,8,9,10,11,12,13]. The application of various criminological theories, including strain theory, social control, and differential association, provides valuable insights into radicalization [11,14]. However, the lack of empirical data is challenging [9]. Several nations, such as Australia, have already adopted policy measures to counter radicalization [8]. Lessons from crime prevention policy and practice inform these measures [15]. However, these efforts can create ‘suspect communities’ and civil rights abuses [8]. Addressing radicalization within the context of Islamic terrorism requires an integrated, multifaceted approach that considers psychological, criminological, and social perspectives [9]. Future research should focus on gathering more empirical data, aiming to develop evidence-based interventions that respect human rights and societal diversity [8,9,16].

Network Theory has already been applied successfully in studying terrorism [17,18,19,20,21,22,23,24,25]. In this context, terrorist organizations are mathematically modeled as networks of nodes (actors or groups of actors) and edges (relationships) [26,27]. Several applications of network theory to terrorism have advanced significantly the existing knowledge in this field [28,29,30]. The predictive power of social network analysis and novel classification methods are highlighted [31,32,33].

The fusion of network science, machine learning, data mining, and link analysis has led to innovative methodologies for evaluating, predicting, and countering terrorist networks [31,32]. New methods have been proposed to identify crucial players within terrorist networks and predict potential activities [34,35]. The increasing use of social media requires new approaches for analyzing and identifying influential nodes in terrorist networks [35]. Understanding the role of social ties is vital for preventing possible future terrorist activities [36,37]. Our previously published research on four real-world terrorist networks revealed the distinct social roles of individuals in terrorist organizations [38] and uncovered successfully some early signs of impending terrorist attacks [39]. The fusion of social network analysis and machine learning methods provides valuable insights into the structure, operation, and dynamics of terrorist networks [37,40,41,42,43,44,45,46,47].

In counterterrorism and law enforcement, our team contributed two groundbreaking papers. “Entropy and Network Centralities as Intelligent Tools for the Investigation of Terrorist Organizations” [48] and “Investigation of Terrorist Organizations Using Intelligent Tools: A Dynamic Network Analysis with Weighted Links” [49] both leverage mathematical tools to unlock the obscured behaviors and structure of terrorist organizations. The first paper utilizes entropy and network theory to discern the diverse roles within a terrorist organization and detect early signs of impending attacks. By mapping physical contacts within four real-world terrorist networks, the research uncovers distinctive roles linked to specific centrality values, and intriguingly, the imminent threat of an attack correlates with the evolutionary pattern of these centralities’ entropies. This illuminates an invaluable tool for law enforcement, empowering them to not only identify pivotal figures within terrorist cells but also predict an imminent attack through monitoring the evolution of the centralities’ entropies [48]. In a parallel vein, the second paper champions an innovative, quantitative, and unbiased methodology based on network theory to explore the distinct roles within terrorist organizations. Challenging the conventionally biased or subjective witness statements, it employs select global indices, such as density, small worldness, centralization, average centrality, and standard deviation of centrality, offering insights into the organizational structure and potential activity of terrorist groups. These indices, tested on four real-world terrorist networks, reveal the organization’s distinct roles and indicate possible impending activities [49].

Concerning network attacks related to terrorist organizations, three key papers were found in the relevant literature, namely: (a) [41] where a model for assessing network robustness with non-real data was studied, (b) [46] where attacks on the air transportation network of a terrorist organization were studied, and (c) [47] where attacks on the online social network of ISIS foreign fighters was studied.

Even though significant work has been conducted in this field, there is still no “action plan” for the early prevention of imminent terrorist attacks, tested with real data of social ties, which can be applied by law enforcement authorities in real-world conditions. As a result, the research purpose of this paper is to address the following research question: Which attack strategy (node removal) is the most damaging to terrorist networks, making them fragmented, and therefore unable to operate under real-world conditions?

The rest of the paper is organized as follows. In Section 2, we present the methodology, the datasets, and the proposed network attack strategies. In Section 3, we present the results of our analysis, and we discuss them in Section 4. Finally, in Section 5 we summarize the key conclusions of our work.

2. Methodology, Attack Strategies and Datasets

Law Enforcement Authorities presuppose that any terrorist organization is a connected network (there is always a path between every pair of nodes). If the terrorist organization has isolated nodes (“lone wolves”) or isolated groups of nodes, then these distinct terrorist threats are treated as different terrorist organizations [50,51,52,53,54,55].

Interoperability, a fundamental concept in systems design, is the capacity of distinct systems, devices, or components to exchange and effectively utilize information in a cooperative manner [56]. According to the Institute of Electrical and Electronics Engineers (IEEE), interoperability is explicitly defined as “the ability of two or more systems or components to exchange information and to use the information exchanged” [57,58]. This definition implies that for systems to be interoperable, they must not only be capable of exchanging data but also interpreting and using that data in a meaningful way. Clear and unambiguous descriptions of characteristics and abilities are essential to ensure that the data is computationally interpretable [56]. The concept of interoperability extends beyond pure system functionality and includes aspects of cooperative behavior and shared understanding. For instance, NATO defines “interoperability” as the ability of Allies to act together coherently, effectively, and efficiently to achieve tactical, operational, and strategic objectives [59]. In this context, interoperability entails the ability for forces, units, and/or systems to operate together, share common doctrine and procedures, and leverage each other’s infrastructure and bases. Therefore, it transcends the scope of mere data exchange and becomes a facilitator of shared understanding and collaborative action. Ultimately, interoperability enables large scale systems to function smoothly, reducing duplication, enabling resource pooling, and creating synergies, leading to improved efficiency and effectiveness [59]. It is therefore a critical characteristic in large-scale systems design and management, impacting both system performance and cooperative ability.

In Network Theory, the Giant Component of a network is the largest connected component, containing a significant fraction of nodes of the entire network [60]. We denote the size of the giant component with$C$. For a connected network of $N$ nodes, the size of the giant component is equal to$N$, i.e., $C=N$. The size of the giant component can reflect quantitatively the above Law Enforcement Assumption in the following sense. If $C$ is decreasing significantly after removing—“neutralizing” a few intelligently selected nodes, then the terrorist network is considered fragmented, and therefore unable to operate under real-world conditions. We define the Interoperability $I_r$ of a terrorist network, after sequentially removing $r$ nodes, as:

$$I_r=\frac{C_r}{C_0}$$

where:

$C_0$ is the initial size of the giant component, without any attack (node removal)

$C_r$ is the size of the giant component after $r$ sequential attacks (removals of nodes)

The above definition of Interoperability is actually the normalized index (taking values from 0 to 1) of the giant component size$C_r$, with respect to the initial-maximal size $C_0$. In this way, we can effectively compare several attack strategies (node removals) on terrorist networks with different giant component sizes.

We examine several attack strategies for sequentially removing nodes, based on different centrality criteria, reflecting distinct social roles in terrorist networks [48]:

(i) 

randomness (random node removal, averaging the results of 1000 interactions),

(ii) 

high strength centrality (participators),

(iii) 

high betweenness centrality (mediators),

(iv) 

high clustering coefficient centrality (team leaders),

(v) 

high recalculated strength centrality,

(vi) 

high recalculated betweenness centrality,

(vii) 

high recalculated clustering coefficient centrality

We also examine a greedy algorithm [61,62,63,64], which removes the node corresponding to the maximal decrease of Interoperability at each step.

The delineation of specific roles among the members within an organization is an integral part of the definition of a terrorist organization, according to common legal standards adopted by European Union member states [65,66]. These standards include four criteria for characterizing a group of individuals as a criminal organization: (a) An association of three or more individuals. (b) The presence of a structured organization with a hierarchy is characterized by clear differentiation in roles, including leadership, team leadership, and functional team members. (c) Engagement in criminal acts is subject to imprisonment. (d) Sustained duration of criminal activity. While law enforcement authorities typically find it straightforward to detect the execution of particular criminal deeds (condition c), recognize associations among persons (condition a), and observe the temporal evolution of criminal behavior (condition d), the verification of distinct roles within a criminal organization (condition b) often proves to be a complex and challenging task [50,51,52,53,54,55,67].

Centralities represent metrics that reflect the significance of each node, arising from the topology of links [17,18,23,48,68,69,70,71,72]. The prominence of nodes is determined by ranking them based on their centrality values. There are over a hundred such indicators that locally pertain to each individual node [17,18]. In this paper, the proposed strategies (ii)–(iv) pertain to the sequential removal of nodes with the highest values in strength centrality, betweenness centrality, and clustering coefficient. The mathematical definitions of these indicators are provided subsequently:

The degree of node $i$ in a network of order $N$, is the number of connections of the node $i$ and takes values from $0$ to $N-1$. The value $0$ indicates the absence of links and there are no self-loops. The normalized degree is the degree of centrality [48,60,73]:

$${DEG}_{\kappa }=\frac{{\sum }_{\lambda =1}^N{a}_{\kappa \lambda }}{N-1},$$

where:

$a_{\kappa \lambda }$ is the $\kappa \lambda$—element of the adjacency matrix [17,18,60] of the network.

In the case of weighted networks, the weighted degree is known as strength [17,18,60]: ${DEG}_{\kappa }^{\left[w\right]}=\frac{{\sum }_{\lambda =1}^N{w}_{\kappa \lambda }}{N-1}$.

Betweenness centrality is a well-known index from Network Theory, which captures the role of “mediator”, allowing information to pass from one part of the network to the other. In other words, Betweenness centrality measures the ability of a node to act as a “bridge” between different network modules [18,48,74]. The betweenness centrality ${\mathrm{B}}_{\kappa }$ of node $\kappa$ is defined as the sum of proportions of all shortest weighted paths (geodesics) between pairs of other nodes (except node $\kappa$) that pass through node $\kappa$:

$${\mathrm{B}}_{\kappa }=\frac{1}{(N-1)(N-2)}·\sum _{\begin{array}{c}\lambda =1\\ \lambda \ne \kappa \end{array}}^{{\rm N}}\sum _{\begin{array}{c}\mu =1\\ \mu \ne \kappa \end{array}}^{{\rm N}}\frac{{\sigma }_{\lambda \left(\kappa \right)\mu }}{{\sigma }_{\lambda \mu }}$$

where ${\sigma }_{\lambda \left(\kappa \right)\mu }$ is the number of shortest weighted paths (geodesics) between nodes $\lambda$ and $\mu$ (with $\kappa \ne \lambda$ and $\kappa \ne \mu$) that pass through node $\kappa$, while ${\sigma }_{\mathsf{\lambda }\mathsf{\mu }}$ is the total of shortest weighted paths (geodesics) between nodes $\lambda$ and $\mu$. The shortest weighted paths (geodesics) are identified on the transformed weight matrix: $-\ln \left(w_{\kappa \lambda }\right)$ [75]. Term $\frac{1}{(N-1)(N-2)}$ normalizes the betweenness index in order to take values in the interval$[0,1]$.

The neighborhood density of a node indicates the extent to which its first neighbors are linked to each other. The neighborhood density of node $i$, also known as the clustering coefficient of node $\kappa$ is calculated from the formula [18,48]:

$${clu}_{\kappa }=\frac{2E_{\kappa }}{{\mathcal{v}}_{\kappa }({\mathcal{v}}_{\kappa }-1)},$$

where$E_{\kappa }$ is the number of links between the first neighbors of node $\kappa$ and ${\mathcal{v}}_{\kappa }$ is the number of first neighbors of node $\kappa$.

The distinct social roles of nodes of the network according to the selected relevant criteria are assessed by the values of the corresponding centralities. For example, in the cooperation network of the employees of a company, the nodes with high degrees are the popular employees or the employees with many responsibilities. Betweenness centrality identifies the employees who act as mediators between different employees. The team players or teamworking nodes are the employees with a high clustering coefficient [48].

Greedy algorithms operate on the principle of finding a locally optimal solution at each step, with the aspiration that these local optima will collectively yield a global optimum. At each iteration, the choice that seems most advantageous at that specific moment is selected, without accounting for its long-term implications [61,62,63,64]. In the context of our study, the greedy algorithm functions by removing the node that results in the maximum possible decrease in Interoperability $I_r$ at each step, irrespective of the future consequences of this choice.

For example, for the first node to be removed$\left(r=1\right)$, the greedy algorithm will remove node $\kappa$, if the removal of this node minimizes Interoperability $I_1$. To be more specific, we provide below a brief description of how the greedy algorithm works (

Table 1. Brief description of the greedy algorithm.

Initial Values $r=0$ $I_r=I_0=1$ ${\mathcal{V}}_s=\mathcal{V}$ ${\mathcal{V}}_r=\varnothing$	$r$ is the number of removed nodes $I_r$ is the Interoperability of the network after sequentially removing $r$ nodes. Initially, for $r=0$, we have $I_r=I_0=1$ $\mathcal{V}$ is the set of nodes-vertices of the network ${\mathcal{V}}_s$ is the set of surviving nodes-vertices ${\mathcal{V}}_r$ is the set of removed nodes-vertices
Iterative Loop While $I_r\ne 0$: $r⟵r+1$ Remove node $\kappa$, if $I_r\left(\kappa \right)=\underset{\mu \in {\mathcal{V}}_s}{\mathrm{m}\mathrm{i}\mathrm{n}}\left\{I_r\left(\mu \right)\right\}$ ${\mathcal{V}}_s⟵{\mathcal{V}}_s-\left\{\kappa \right\}$ ${\mathcal{V}}_r⟵{\mathcal{V}}_r+\left\{\kappa \right\}$ $I_r⟵I_r\left(\kappa \right)$	$I_r\left(\mu \right)$ is the Interoperability after sequentially removing $r$ nodes, where the $r$-th node, is node $\mu$: $I_r\left(\mu \right)=\frac{C_r\left(\mu \right)}{C_0}$ where: $C_0$ is the initial size of the giant component, without any node removal. $C_r\left(\mu \right)$ is the size of the giant component after sequentially removing $r$ nodes, where the $r$-th node, is node $\mu$.

).

Taking into account Table 1, the output of the greedy algorithm is the set ${\mathcal{V}}_r$ of the $r$ sequentially removed nodes, which is actually an ordered list, where the order matters. In addition, we acquired the corresponding ordered list ${\left\{I_r\right\}}_{r=0,1,2,\dots }$ of the Interoperability values of the network. The above procedure starts on a fully connected network, and it is iteratively applied, until the network becomes completely fragmented, i.e., no connections exist (all nodes are isolated,$I_r=0$). It is crucial to highlight that greedy algorithms do not always produce a globally optimal solution [61,63,76].

For strategies (ii)–(iv), the calculation of nodes’ centralities is realized only once at the beginning. On the contrary, for strategies (v)–(vii) with recalculation, the calculation of nodes’ centralities is realized again after each attack-removal, due to the change of the network structure. We investigate several attack strategies on four real terrorist networks, which are briefly presented in Table 2.

Acquiring data on physical, face-to-face, social interactions among terrorists is a formidable challenge. This is because this kind of data are almost always classified or inappropriate for academic research [50,51,52,53,54,55]. Unlike most studies in this area, which rely on data from social media interactions [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91], our work is grounded on real-world social ties among terrorists, namely physical face-to-face interactions. This kind of data is more reliable because social media interactions can be used for deliberately sharing false realities, aiming to mislead law enforcement agencies [92,93,94,95,96]. Also, physical, face-to-face, social interactions among terrorists are valuable for law enforcement agencies, aiming to “neutralize” key influential terrorists. On the contrary, data on social media interactions cannot be utilized for such operations [51,52,53,54,55]. Of course, there is always some possibility of unobserved or hidden nodes and connections, unknown even to law enforcement agencies. This case is out of the scope of this first exploratory work. Despite these limitations, it is crucial to derive insights based on the available data, as would be the practice in law enforcement operations. This study utilizes data drawn from two open-access databases: the John Jay and ARTIS Transnational Terrorism Database (JJATT) from John Jay College of Criminal Justice [97] and the Center for Computational Analysis of Social and Organizational Systems (CASOS) at Carnegie Mellon University [98]. The datasets comprise information on four distinct terrorist organizations originating from different countries. These organizations exhibit the following shared attributes: (a) radical Islamic ideologies primarily drive their members, (b) their period of activity spans from the mid-1980s to the mid-2000s, (c) the datasets represent networks of physical contacts, and (d) the data includes a temporal element. The data are presented via coded identifiers representing individual organization members; the real names corresponding to these codes are unknown to the researchers. The first organization under consideration is the “Jamaah Islamiah Section of Indonesia” [99], which was under surveillance by the Indonesian police from 1985 to 2007 [100]. Its most notable act of terrorism occurred in 2004, with a major bombing of the Australian embassy in Jakarta, causing significant casualties [101]. The data illustrate the interactions of 27 organization members across 11 distinct periods [99]. The second organization is the “Hamburg Cell,” monitored by U.S. and German intelligence services from 1985 to 2006 [102]. Members of this organization are believed to have played a significant role in orchestrating the 9/11 terrorist attacks [103]. The dataset documents the activities of 34 organization members over 15 time periods [102]. The third organization, “Al-Qaeda Section of Madrid,” was under the watch of Spanish security services from 1985 to 2006 [104]. The organization’s most devastating attack was carried out in 2003 when an explosive device was detonated on a train, resulting in numerous casualties [105]. The data details the activities of 54 organization members across 14 time periods [104]. The fourth organization, “Jamaah Islamiah Section of the Philippines,” was under surveillance by the Philippine security services from 1985 to 2006 [106]. This organization demonstrated high activity levels, with many bombings, the largest of which occurred in 2000 [53]. Notably, an attempt to carry out a substantial terrorist attack in 2005 was thwarted by a timely intervention from the security services [107]. The dataset reveals the activities of 16 organization members over 14 consecutive periods [106].

The early intervention of law enforcement authorities to prevent an impending terrorist attack is of utmost importance to ensuring economic, financial, and social stability. From our previously published research, the time of an impending terrorist attack can be timely revealed. More specifically, the violent fluctuations of betweenness centralization are a clear early sign of an impending terrorist attack [49]. Betweenness centralization is defined as [49,74]:

$$\mathrm{B}=\frac{\sum _{\kappa =1}^{{\rm N}}\left(\underset{\nu =\mathrm{1,2},\dots ,{\rm N}}{\max }\left\{{\mathrm{B}}_{\nu }\right\}-{\mathrm{B}}_{\kappa }\right)}{N-1},$$

where:

${\mathrm{B}}_{\kappa }$ is the betweenness centrality of node κ.

Based on this finding, we select the best time-year for a network attack, i.e., for removing nodes (Table 2).

Table 2. Brief description of the 4 real terrorist networks.

Network	Terrorist Organization	Number of Nodes	Year of Significant Terrorist Attack	Selected Year for Removing Nodes
1	“Jamaah Islamiah Section of Indonesia” [99,100]	27	2004	2003
2	“Hamburg Cell” [102,103]	34	2001	2000
3	“Al-Qaeda Section of Madrid” [104,105]	54	2003	2002
4	“Jamaah Islamiah Section of the Philippines” [106,107]	16	2004	2003

Table 2. Brief description of the 4 real terrorist networks.

Network	Terrorist Organization	Number of Nodes	Year of Significant Terrorist Attack	Selected Year for Removing Nodes
1	“Jamaah Islamiah Section of Indonesia” [99,100]	27	2004	2003
2	“Hamburg Cell” [102,103]	34	2001	2000
3	“Al-Qaeda Section of Madrid” [104,105]	54	2003	2002
4	“Jamaah Islamiah Section of the Philippines” [106,107]	16	2004	2003

3. Results

The sequence of nodes removed per strategy for each terrorist organization is presented in Table 2,

Table 3. This table shows the sequential removal of nodes in the network of the terrorist organization ‘Jamaah Islamiah Section of Indonesia’. The several strategies for node removal are based on selected centrality metrics, including a greedy algorithm. The coded node identifiers (e.g., X1579) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

Sequential Node Removal in “Jamaah Islamiah Section of Indonesia”
	Strength Centrality	Betweenness Centrality	Clustering Coefficient Centrality	Strength Centrality Recalculated	Betweenness Centrality Recalculated	Clustering Coefficient Centrality Recalculated	Greedy Algorithm
Attack	Node	Node	Node	Node	Node	Node	Node
0	0	0	0	0	0	0	0
1	X1579	X1556	X1504	X1579	X1556	X1506	X1561
2	X177	X1561	X1563	X1595	X1580	X801	X1580
3	X1595	X1590	X1570	X1590	X1590	X1574	X1579
4	X1590	X1553	X1574	X1582	X1579	X1570	X1553
5	X1553	X1580	X801	X177	X1582	X1563	X577
6	X1556	X1579	X1506	X1580	X177	X1504	X1509
7	X1562	X1595	X177	X1562	X1595	X177	X177
8	X1580	X1562	X1553	X1556	X1562	X1561	X800
9	X1582	X1509	X1561	X1558	X1506	X1556	X1504
10	X1504	X1582	X1579	X1563	X801	X1558	X1507
11	X1561	X577	X1556	X1570	X1558	X1534	X1556
12	X1563	X177	X1562	X1553	X1534	X802	X1562
13	X1574	X1504	X1582	X1506	X802	X598	X1563
14	X577	X1563	X1595	X801	X598	X1595	X1570
15	X1570	X800	X1580	X1534	X1574	X1590	X1574
16	X598	X1507	X577	X802	X1570	X1582	X1582
17	X801	X1570	X800	X598	X1563	X1580	X1590
18	X1506	X1574	X1507	X1574	X1561	X1579	X1595
19	X800	X598	X1509	X1561	X1553	X1562
20	X1509	X802	X1590	X1509	X1509	X1553
21	X1534	X1534	X598	X1507	X1507	X1509
22	X1558	X1558	X802	X1504	X1504	X1507
23	X1507	X801	X1534	X800	X800	X800
24	X802	X1506	X1558	X577	X577	X577

,

Table 4. This table shows the sequential removal of nodes in the network of the terrorist organization ‘Hamburg Cell’. The several strategies for node removal are based on selected centrality metrics, including a greedy algorithm. The coded node identifiers (e.g., X1017) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

Sequential Node Removal in “Hamburg Cell”
	Strength Centrality	Betweenness Centrality	Clustering Coefficient Centrality	Strength Centrality Recalculated	Betweenness Centrality Recalculated	Clustering Coefficient Centrality Recalculated	Greedy Algorithm
Attack	Node	Node	Node	Node	Node	Node	Node
0	0	0	0	0	0	0	0
1	X64	X65	X1030	X64	X65	X1035	X65
2	X62	X60	X1032	X62	X64	X1032	X60
3	X1005	X61	X1035	X1005	X61	X1030	X61
4	X60	X62	X1017	X65	X62	X63	X1005
5	X61	X64	X1016	X61	X1005	X66	X63
6	X65	X1005	X66	X60	X60	X1017	X64
7	X66	X58	X63	X57	X66	X1016	X62
8	X57	X1017	X58	X63	X57	X60	X57
9	X63	X650	X60	X1017	X1039	X58	X58
10	X1016	X1016	X62	X1032	X1035	X62	X66
11	X1017	X57	X1005	X1012	X1034	X1005	X650
12	X1012	X66	X64	X1016	X1033	X650	X1011
13	X58	X1012	X61	X1039	X1032	X64	X1012
14	X1032	X1035	X1012	X1035	X1031	X1039	X1016
15	X650	X63	X65	X1034	X1030	X1034
16	X1030	X1011	X57	X1033	X1017	X1033
17	X1011	X1015	X650	X1031	X1016	X1031
18	X1015	X1030	X1011	X1030	X1015	X1015
19	X1034	X1031	X1015	X1015	X1012	X1012
20	X1035	X1032	X1031	X1011	X1011	X1011
21	X1039	X1033	X1033	X650	X650	X65
22	X1031	X1034	X1034	X66	X63	X61
23	X1033	X1039	X1039	X58	X58	X57

and

Table 5. This table shows the sequential removal of nodes in the network of the terrorist organization ‘Al-Qaeda Section of Madrid’. The several strategies for node removal are based on selected centrality metrics, including a greedy algorithm. The coded node identifiers (e.g., X3136) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

Sequential Node Removal in “Al-Qaeda Section of Madrid”
	Strength Centrality	Betweenness Centrality	Clustering Coefficient Centrality	Strength Centrality Recalculated	Betweenness Centrality Recalculated	Clustering Coefficient Centrality Recalculated	Greedy Algorithm
Attack	Node	Node	Node	Node	Node	Node	Node
0	0	0	0	0	0	0	0
1	X3136	X3132	X3135	X3136	X3132	X3165	X3141
2	X3132	X3141	X3142	X3132	X3136	X3156	X3134
3	X3157	X3137	X3156	X3141	X3161	X3142	X3179
4	X3138	X3162	X3165	X3157	X3141	X3135	X3135
5	X3142	X3159	X3143	X3160	X3159	X3143	X3138
6	X3134	X3136	X3157	X3138	X3157	X3157	X3132
7	X3143	X3161	X3140	X3161	X3138	X3140	X3136
8	X3156	X3134	X3138	X3180	X3160	X3138	X3137
9	X3179	X3160	X3161	X3165	X3165	X3161	X3140
10	X3140	X3179	X3137	X3143	X3153	X3136	X3162
11	X3141	X3143	X3132	X3159	X3180	X3159	X3142
12	X3161	X3157	X3179	X3153	X3179	X3160	X3153
13	X3135	X3138	X3136	X3179	X3162	X3153	X3143
14	X3137	X3135	X3134	X3162	X3156	X3180	X3156
15	X3160	X3140	X3141	X3156	X3143	X3179	X3160
16	X3153	X3142	X3162	X3142	X3142	X3162
17	X3162	X3156	X3180	X3140	X3140	X3141
18	X3180	X3180	X3153	X3137	X3137	X3137
19	X3165	X3153	X3160	X3134	X3134	X3134
20	X3159	X3165	X3159	X3135	X3135	X3132

. The damage of each strategy is evaluated in terms of Interoperability$I_r$. The results are presented for the 4 terrorist networks (Figure 1, Figure 2, Figure 3 and Figure 4), illustrating the Interoperability$I_r$, after removing $r=0,1,2,\dots$ nodes, sequentially. The comprehensive numerical results, along with the calculations for the centrality measures, greedy algorithms, and betweenness centralization, are provided in the Supplementary Material (Tables S1–S4). We also present a set of illustrative figures to visualize the changes in network structures based on recalculated betweenness, as per attack strategy (vi). (Figure 5, Figure 6, Figure 7 and Figure 8). The animated GIFs for all examined strategies are provided in the Supplementary Material (S5–S8). Data analysis was manually programmed using the R programming language to ensure full customization in addressing the specific problem under investigation. Subsequent relevant computations and result interpretation were automated through a prototype software developed in R (v. 4.3.1).

In Table 3, we present the sequential removal of nodes in the network of the terrorist organization “Jamaah Islamiah Section of Indonesia”. The several strategies for node removal are based on selected centrality metrics, namely strength, betweenness, clustering coefficient, and the corresponding recalculated versions of them. We also test a greedy algorithm which removes the node corresponding to the maximal decrease of Interoperability $I_r$ at each step. The coded node identifiers (e.g., X1579) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

While the sequence of removing nodes differs significantly between the different strategies, some nodes appear frequently in the early stages of removal across multiple strategies, suggesting their key role within the network (X1580, X1579).

In Table 4, we present the sequential removal of nodes in the network of the terrorist organization “Hamburg Cell”. The several strategies for node removal are based on selected centrality metrics, namely strength, betweenness, clustering coefficient, and the corresponding recalculated versions of them. We also test a greedy algorithm which removes the node corresponding to the maximal decrease of Interoperability $I_r$ at each step. The coded node identifiers (e.g., X64) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

While the sequence of removing nodes differs significantly between the different strategies, some nodes appear frequently in the early stages of removal across multiple strategies, suggesting their key role within the network (X65, X1005).

In Table 5, we present the sequential removal of nodes in the network of the terrorist organization “Al-Qaeda Section of Madrid”. The several strategies for node removal are based on selected centrality metrics, namely strength, betweenness, clustering coefficient, and the corresponding recalculated versions of them. We also test a greedy algorithm which removes the node corresponding to the maximal decrease of Interoperability $I_r$ at each step. The coded node identifiers (e.g., X3136) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

While the sequence of removing nodes differs significantly between the different strategies, some nodes appear frequently in the early stages of removal across multiple strategies, suggesting their key role within the network (X3132, X3141).

In

Table 6. This table shows the sequential removal of nodes in the network of the terrorist organization ‘Jamaah Islamiah Section of the Philippines’. The several strategies for node removal are based on selected centrality metrics, including a greedy algorithm. The coded node identifiers (e.g., X1567) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

Sequential Node Removal in “Jamaah Islamiah Section of the Philippines”
	Strength Centrality	Betweenness Centrality	Clustering Coefficient Centrality	Strength Centrality Recalculated	Betweenness Centrality Recalculated	Clustering Coefficient Centrality Recalculated	Greedy Algorithm
Attack	Node	Node	Node	Node	Node	Node	Node
0	0	0	0	0	0	0	0
1	X153	X159	X189	X153	X159	X1564	X162
2	X162	X151	X650	X162	X153	X1549	X151
3	X163	X162	X1502	X1567	X1567	X1502	X153
4	X1567	X1567	X1549	X163	X162	X650	X155
5	X183	X153	X1564	X183	X151	X189	X159
6	X151	X155	X183	X151	X183	X159	X1567
7	X155	X163	X163	X159	X163	X1567	X163
8	X1549	X183	X155	X1564	X587	X183	X183
9	X1564	X189	X159	X189	X1564	X163	X1549
10	X159	X650	X1567	X587	X1549	X155
11	X1502	X1502	X162	X1549	X1502	X153
12	X189	X1549	X151	X1502	X650	X587
13	X650	X1564	X153	X650	X189	X162
14	X587	X587	X587	X155	X155	X151

, we present the sequential removal of nodes in the network of the terrorist organization “Jamaah Islamiah Section of the Philippines”. The several strategies for node removal are based on selected centrality metrics, namely strength, betweenness, clustering coefficient, and the corresponding recalculated versions of them. We also test a greedy algorithm which removes the node corresponding to the maximal decrease of Interoperability $I_r$ at each step. The coded node identifiers (e.g., X153) correspond to unique members of the organization and are consistent with the encoding practices of the JJATT and CASOS databases.

While the sequence of removing nodes differs significantly between the different strategies, some nodes appear frequently in the early stages of removal across multiple strategies, suggesting their key role within the network (X162, X153, X151).

A meticulous analysis of Figure 1 provides invaluable insights into the effects of node removal strategies on the network integrity of the terrorist organization, “Jamaah Islamiah Section of Indonesia,” for the year 2003. The figure measures the network’s Interoperability ($I_r$) after sequentially removing $r=0,1,2,...,23$ nodes based on eight different attack strategies, which include Strength Centrality, Betweenness Centrality, Clustering Coefficient Centrality, and their recalculated variants, as well as a Greedy Algorithm.

One striking observation is the precipitous drop in interoperability when nodes are removed based on recalculated Betweenness Centrality. After the removal of only two nodes, the interoperability drops to a value of less than 0.5 ($I_{2,}<0.5)$, indicating rapid fragmentation of the network. This is in stark contrast to other strategies, such as Strength Centrality and Clustering Coefficient Centrality, which maintain higher levels of interoperability even after multiple node removals.

The Greedy Algorithm also results in a significant decline in interoperability, but not as rapidly as the recalculated Betweenness Centrality. It is evident that by the 9th attack, the interoperability falls to 0.1667, corroborating the efficacy of this algorithmic approach in dismantling the network.

Interestingly, the Betweenness Centrality strategy shows a steep decline in interoperability after the second node removal, reaching a value of 0.6667. However, this strategy is not as effective as its recalculated counterpart, further emphasizing the potency of recalculated metrics in disrupting the network.

In summary, Figure 1 strongly confirms the findings of this study that recalculated Betweenness Centrality is the most effective strategy for causing rapid network fragmentation, thereby incapacitating the terrorist organization. These insights could be pivotal for law enforcement agencies aiming to employ scientific tools in the fight against terrorism, allowing for more efficient and targeted interventions.

The analysis of Figure 2 offers a comprehensive understanding of the impact of various node removal strategies on the terrorist network known as the “Hamburg Cell” for the year 2000. This network’s interoperability ($I_r$) was measured after sequentially removing $r=0,1,2,...,23$ nodes based on eight different attack strategies.

One key observation is the catastrophic drop in interoperability when nodes are removed based on recalculated Betweenness Centrality. If five nodes are removed using this strategy, the interoperability of the network plummets to a mere 0.2 ($I_5$ = 0.2), indicating a swift fragmentation of the network. This sharp decline underlines the effectiveness of recalculated Betweenness Centrality in disrupting network integrity.

The Greedy Algorithm Strategy also shows promise in dismantling the network. By the 10th attack, interoperability drops to 0.0869, demonstrating its efficacy in network disruption, albeit not as rapidly as the recalculated Betweenness Centrality.

Contrastingly, other strategies like Strength Centrality and Clustering Coefficient Centrality show a slower rate of decline in network interoperability. For instance, after five nodes are removed using Strength Centrality, the interoperability is still at a relatively high level of 0.7391, suggesting that this strategy is less effective in immediate network fragmentation.

Notably, strategies like Betweenness Centrality also cause a significant decline in interoperability but not as dramatically as its recalculated counterpart. By the fifth attack, interoperability reaches 0.5652, which is significantly higher than the 0.2174 observed when using recalculated Betweenness Centrality.

In summary, Figure 2 provides compelling evidence that recalculated Betweenness Centrality is the most potent strategy for rapid network fragmentation in the case of the “Hamburg Cell.” This information could be invaluable for law enforcement agencies using scientific approaches to disrupt the organizational structures of terrorist networks.

The analysis of Figure 3 provides an in-depth understanding of the impact of different node removal strategies on the terrorist network “Al-Qaeda Section of Madrid” for the year 2002. This network’s interoperability ($I_r$) was measured after sequentially removing $r=0,1,2,...,23$ nodes based on eight different attack strategies.

The most striking observation is the near-complete collapse of the network’s interoperability when nodes are removed based on either recalculated Betweenness Centrality or recalculated Strength Centrality. According to the data, both strategies are equally effective in causing rapid network fragmentation. After removing just two nodes, the interoperability drops almost to zero ($I_2$ ≈ 0), indicating extreme vulnerability in the network’s structure to these particular attack strategies.

The Greedy Strategy also shows promise but is not as effective as the recalculated centrality metrics. By the tenth attack, interoperability drops to 0.15, which, while significant, is not as devastating as the almost zero interoperability caused by recalculated Betweenness and Strength Centrality.

Other strategies like Strength Centrality, Betweenness Centrality, and Clustering Coefficient Centrality also cause a decline in network interoperability but not as dramatically. For instance, after removing five nodes using Strength Centrality, the interoperability still stands at a relatively high 0.7. This suggests that these strategies are not as effective in causing immediate network fragmentation.

In summary, Figure 3 reveals that recalculated Betweenness Centrality and recalculated Strength Centrality are the most potent strategies for inducing rapid fragmentation in the case of the “Al-Qaeda Section of Madrid.” This is a critical insight for law enforcement agencies and researchers who aim to disrupt such networks using scientific tools.

The analysis of Figure 4 sheds light on the resilience and vulnerabilities of the “Jamaah Islamiah Section of the Philippines” terrorist network for the year 2003. Given that this network is relatively small, consisting of only 16 nodes, the impact of node removal across different strategies tends to be similar. This is reflected in the relatively close values of interoperability ($I_r$) across the eight attack strategies as nodes are sequentially removed.

Notably, the removal of nodes based on recalculated Betweenness Centrality appears to be equally or more harmful compared to other strategies. This is indicative of the effectiveness of using recalculated betweenness as a strategy for causing rapid network fragmentation. For instance, after removing 6 nodes based on recalculated Betweenness Centrality, the interoperability plummets to a mere $0.1429$, compared to $0.5714$ when nodes are removed randomly.

It is worth noting that the removal of nodes based on recalculated Clustering Coefficient Centrality results in a linear decrease in interoperability with the number of nodes removed. This is a unique characteristic in this particular dataset and could be attributed to the small network size.

In summary, Figure 4 suggests that despite the small size of the “Jamaah Islamiah Section of the Philippines” network, certain attack strategies, especially those based on recalculated betweenness, can be highly effective in fragmenting the network. The small network size makes most strategies somewhat effective, but recalculated betweenness stands out as particularly potent. The linear decrease in interoperability when using a recalculated Clustering Coefficient is also an interesting behavior that may warrant further investigation, especially in the context of small networks.

In scrutinizing the data presented in Figure 5, one observes a remarkable pattern of network degradation when implementing the attack strategy based on recalculated betweenness centrality. The series of nodes sequentially removed—starting from X1556 and proceeding through to X577 [Table 3]—indicates a tactical dismantling of the “Jamaah Islamiah Section of Indonesia” terrorist network. Upon the removal of the first two nodes, X1556 and X1580, a significant drop in the Interoperability of the network is already discernible. The network structure undergoes a palpable fragmentation, as evidenced by the increasing number of nodes turning pink, signifying their isolation from the main component. As the removal progresses to the 15th step, the network has been rendered largely non-operational. The nodes indicated in black, which have been removed, were clearly pivotal to the network’s operational integrity. This particular attack strategy, focusing on recalculated betweenness centrality, appears to be highly effective in disrupting the network’s capacity to function as a coherent unit. The insights gleaned from this figure stand as a testament to the potential efficacy of this approach in real-world counter-terrorism operations.

In Figure 6, the efficacy of the attack strategy based on recalculated betweenness centrality is further confirmed when applied to the “Hamburg Cell” terrorist network. The sequential removal of nodes, commencing with X65 and extending to X58 [Table 4], showcases a well-calibrated disruption of the network architecture. The nodes designated in black, which have been excised, are instrumental in maintaining the network’s structural integrity. Shortly after the removal of the initial nodes, X65 and X64, there was a noticeable decline in the network’s Interoperability. The network’s primary component begins to disintegrate, as indicated by the escalating number of nodes turning pink, symbolizing their subsequent isolation. Furthermore, the nodes that remain connected are highlighted in orange, and their dwindling number signifies the degradation of the network’s cohesion. By the time the fifteenth node is removed, the network has been substantially weakened, corroborating the effectiveness of this particular node-removal strategy based on recalculated betweenness centrality.

In Figure 7, the analytical focus shifts to the “Al-Qaeda Section of Madrid” terrorist network, where the application of the node-removal strategy based on recalculated betweenness centrality yields equally compelling results. Starting with the removal of node X3132 and progressing through to X3135 [Table 5], the network experiences a significant structural disintegration. Nodes marked in black, which have been removed, demonstrate their crucial roles in maintaining the network’s functional coherence. As early as the removal of the first two nodes, X3132 and X3136, a discernible decrease in the network’s Interoperability is evident. The network becomes increasingly fragmented, with a rise in nodes turning pink, signifying their isolation from the main component. The remaining connected nodes, denoted in yellow, also decline in number, attesting to the weakening of the network’s overall structure. By the sixteenth step of node removal, the network is largely ineffectual, corroborating the potency of the strategy focusing on recalculated betweenness centrality.

In Figure 8, the subject of analysis is the “Jamaah Islamiah Section of the Philippines” terrorist network. Here again, the application of the node-removal strategy based on recalculated betweenness centrality proves to be notably efficacious. The data series commences with the removal of node X159 and continues through to node X155 [Table 6]. As nodes marked in black are systematically excised from the network, their essential roles in sustaining the network’s functional integrity become evident. Notably, after the removal of just the first two nodes, X159 and X153, the network’s Interoperability already shows a marked decrease. The process of fragmentation is visually captured by the increasing number of nodes turning pink, indicating their isolation from the main component. Conversely, the nodes that remain connected to the network, represented in light blue, diminish in number as the attack progresses, further confirming the effectiveness of this particular node-removal strategy. By the completion of the twelfth step, the network is substantially incapacitated, largely affirming the merits of focusing on recalculated betweenness centrality as an attack strategy.

These findings are in harmony with those from the “Jamaah Islamiah Section of Indonesia”, “Hamburg Cell”, and “Al-Qaeda Section of Madrid” networks, further bolstering the argument for the universal efficacy of this approach.

4. Discussion

The goal of this work is to examine the vulnerability of four terrorist networks under random and targeted attacks (node removal), namely: the Jamaah Islamiah Section in Indonesia, the Hamburg Cell, the Al-Qaeda Section of Madrid, and the Jamaah Islamiah Section in the Philippines. By comparing the Interoperability scores in response to various node removal strategies, the following discussion provides actionable insights into the comparative efficacy of these methods. We focus on how these strategies can destabilize the network, ultimately offering valuable perspectives for counterterrorism initiatives.

From Figure 1 and Figure 5, and Table 3 of the Jamaah Islamiah Section of Indonesia we observe the following. Initially, the procedure begins with the maximal possible Interoperability score equal to 1, denoting a fully (100%) functional network. A rapid decline of Interoperability is observed in all strategies. Attacking nodes randomly results in a moderate, consistent drop of Interoperability with a final score of 0.0417 after 24 episodes. Attacking nodes based on strength centrality results in a dramatic drop to 0.0833 by the 4th attack. Attacks based on betweenness centrality damage the network by the 2nd attack, achieving a score of 0.6667. Attacks based on clustering coefficient centrality are the least effective, as the network shows resilience, having a stable score of 0.25 after many episodes. Dynamic recalculations of centrality metrics highlight that betweenness centrality is the most effective strategy, lowering the score to 0.0417 by the twelfth attack, while recalculated strength centrality and clustering coefficient centrality are less harmful. The network is highly vulnerable to targeted attacks based on betweenness centrality, especially when betweenness centrality is recalculated dynamically, implying that counterterrorism strategies should prioritize these nodes for disruption.

Several key differences emerge when comparing the network interoperability of the Hamburg Cell organization (Figure 2 and Figure 6 and Table 4) to that of the Jamaah Islamiah Section of Indonesia (Figure 1 and Figure 5 and Table 3). First and foremost, the Hamburg Cell network is remarkably more resilient to random node attacks. The Interoperability score in this scenario drops only to 0.043478261 after 19–20 attacks, indicating the robustness against random attacks, which is not present in the Jamaah Islamiah network. However, this resilience seems to diminish when we focus on targeted strategies. Specifically, while attacks based on high strength centrality are initially harmful, their effectiveness lowered significantly, requiring 20 attacks to reach the critical Interoperability score. However, the highest vulnerability is observed when attacking nodes with high betweenness centrality. In this case, six attacks can reduce the Interoperability to the same low point. Clustering coefficient centrality does not perform well in both networks, namely the Hamburg Cell network and the Jamaah Islamiah Section of Indonesia. A total of 23 attacks are required to achieve the same low score of 0.043478261, rendering it the least effective of the tested strategies. Interestingly, dynamic recalculations, which generally make strategies more effective for the Jamaah Islamiah network, do not offer the same advantage against the Hamburg Cell. For instance, the recalculated strength centrality is surprisingly less effective than strength centrality, and the recalculated clustering coefficient centrality still needs to be more effective. Only the recalculated betweenness centrality maintains its extreme efficacy, reducing the score after two attacks. These results suggest that while the Hamburg Cell network is generally more resilient against random attacks, it is vulnerable to targeted attacks. In particular, even without dynamic recalculations, targeted strategies focusing on nodes with high betweenness centrality could be remarkably effective.

Analyzing Figure 3 and Figure 7 and Table 5 concerning the Al-Qaeda Section of Madrid reveals a range of vulnerabilities and strengths regarding the network’s resilience to various attack strategies. Several points of comparison with the Hamburg Cell (Figure 2 and Figure 6, and Table 4) and the Jamaah Islamiah Section of Indonesia (Figure 1 and Figure 5, and Table 3) can be identified. Random node attacks show that the network’s Interoperability score drops to 0.05 after only 9–10 attacks. This indicates that the Al-Qaeda Section of Madrid is considerably less resilient to random attacks than the Hamburg Cell and even the Jamaah Islamiah Section of the Indonesia network. When targeting nodes based on strength centrality, the network shows an initial decrease in Interoperability but seems to stabilize at 0.05 after nine attacks. The recalculated strength centrality metrics show similar behavior, suggesting that while the network is quite robust against this strategy, it still has a significant level of vulnerability. Regarding betweenness centrality, the Al-Qaeda Section of the Madrid network appears to be highly vulnerable. The Interoperability score falls dramatically to 0.05 after nine attacks. Notably, the high network vulnerability is present even when the metrics are recalculated, with the score remaining at 0.05 after 20 attacks. Here, recalculated betweenness or recalculated strength are equally the most harmful strategies, as indicated in the relevant diagram. This leads to rapid network fragmentation, while interoperability drops almost to zero even when only two nodes are removed. Clustering coefficient centrality is the least effective attack strategy, as it takes 20 attacks for the Interoperability score to drop to 0.05, both in “static” and recalculated forms. This confirms that generally, it is a strategy with low efficiency. In summary, the Al-Qaeda Section of Madrid presents a mixture of results concerning network resilience. While it is relatively less resilient to random node attacks, it demonstrates specific strengths and weaknesses against targeted strategies. Specifically, the greatest weak point is its high vulnerability to targeted attacks with high betweenness centrality. This result holds even when metrics are recalculated. On the other hand, it shows a better resilience against clustering coefficient centrality attacks, similar to the other networks examined. The Al-Qaeda Section of Madrid, in particular, would be significantly fragmented if the nodes of high betweenness centrality were removed, highlighting the importance of targeted strategies over random attacks.

The results concerning the Jamaah Islamiah Section of the Philippines reveals some intriguing patterns (Figure 4 and Figure 8, and Table 5). However, it is important to note that the network size of this group is significantly smaller than other networks under consideration. This may introduce specific challenges when comparing the efficacy of various attack strategies. At the column of random node attack, where the experiment is running 1000 times, interoperability is relatively stable initially but decreases as more nodes are removed. Given the smaller network size, it is reasonable that the “correct” nodes—those significantly affecting network interoperability—are more likely to be targeted simply because fewer nodes exist. This could skew the results, making random attacks appear more effective in this particular setting than in larger networks. For Strength and Betweenness Centrality (recalculated or not) the interoperability also declines, though not always in the same manner. For instance, the impact on interoperability varies in the recalculated Strength and Betweenness Centrality attacks. This suggests that adaptive strategies may affect smaller networks differently than larger ones. In this smaller network, strategies involving Betweenness Centrality (recalculated or not) and Strength Centrality seem to impact significantly, leading to a rapid decline in interoperability. This could suggest that these strategies are particularly harmful in smaller networks, although it is tough to generalize this without additional data. The Clustering Coefficient Centrality (recalculated or not), also indicates a steady decrease in interoperability as nodes are removed. However, it does not drop as sharply as Betweenness and Strength Centrality. This could mean that this measure is less sensitive to the size of the network, but further research is needed to confirm this first impression. In summary, the size of this network could pose challenges for straightforward comparison with larger networks. Different attack strategies may yield different results depending on the network size, and smaller networks might be more vulnerable to certain types of attacks due to their limited structural complexity.

To sum up, from our findings concerning the four terrorist networks studied, it is clear that the strategy of recalculating betweenness centrality is the most effective in terms of interoperability. Although these networks manifest varying degrees of resistance to different kinds of attacks (random or targeted), the Achilles’ heel seems to be the nodes with high betweenness centrality, especially when recalculated dynamically. Our analysis demonstrates the effectiveness of this strategy in 3 out of 4 networks (Figure 1,Figure 2,Figure 3) and is equally or more harmful in the fourth network, despite its smaller size (Figure 4, 16 nodes, Table 2). These findings concerning vulnerability on real face-to-face terrorist networks, could serve as the cornerstone for counter-terrorism, aiming to network fragmentation. The importance of context-dependent factors, such as the size of the network and its inherent resilience characteristics, should be taken into account. Particularly revealing was the remarkable effectiveness of the recalculated betweenness centrality strategy in the largest network of our analysis (Figure 3, 54 nodes, Table 2). To optimize the effectiveness of the recalculated betweenness centrality, it is essential to update-recalculate the centrality score of each node after each removal, due to the dynamic nature of network structure. This highlights the necessity for law enforcement agencies to maintain real-time data concerning the ever-changing social ties among terrorists. Without timely updates, even a theoretically effective strategy could lose its effectiveness.

From Figure 1, Figure 2, Figure 3 and Figure 4, we observe that the implementation of the greedy algorithm outperforms most of the other attack methods investigated in this study. More specifically, the greedy algorithm reduces the Interoperability quickly, resulting eventually in zero Interoperability. On the other hand, the recalculated betweenness centrality does not result eventually into zero Interoperability but achieves a greater drop of Interoperability cumulatively after a few attacks. This finding makes the recalculated betweenness centrality the best attack strategy, because the goal of law enforcement authorities is to attack only a few nodes, resulting in the greatest possible drop of Interoperability. Zeroing out interoperability by attacking many nodes is not a realistic scenario for law enforcement authorities. It is interesting to note that the greedy algorithm performs better compared to all non-recalculated centrality strategies. The dynamic aspect of recalculation, concerning the betweenness centrality strategy, is the key factor for outperforming the greedy algorithm. This finding highlights the importance of real-time monitoring and updating the relevant data concerning terrorist networks. Another drawback of the greedy algorithm is that the nodes for removal are not characterized by some specific role in the terrorist organization. On the contrary, the excellent results of recalculated betweenness centrality in all networks examined, suggest strongly that “mediators” are the best targets. Therefore, we can conclude that the role of “mediator” is the best for attack, and this is our insight provided to the law enforcement authorities.

More specifically, when examining the reduction of Interoperability ($I_r$) to a level below 50% ($I_r\le 0.5$), it is observed that node removal based on recalculated betweenness centrality yields better results than the greedy algorithm (Figure 9). For instance, in the terrorist organization Jamaah Islamiah Section of Indonesia, Interoperability ($I_r$) values reach $\le 0.5$ after the removal of just two nodes based on recalculated betweenness centrality, while with the greedy algorithm, the value is higher at $\ge 0.6$. In the case of the Hamburg Cell terrorist organization, five node removals may be required, but the Interoperability ($I_r$) drops to $0.21$ using recalculated betweenness centrality, as opposed to $0.47$ with the greedy algorithm. The most striking results are observed in the Al-Qaeda Section of Madrid. In this organization, with the removal of just two nodes, Interoperability ($I_r$) drops to $\le 0.05$ using recalculated betweenness centrality, whereas it remains at $\ge 0.65$ with the greedy algorithm. Lastly, in the smaller terrorist organization Jamaah Islamiah Section of the Philippines, the Interoperability value is below $0.5$ after the removal of five nodes for both node removal strategies.

Finally, it is worth mentioning that strategies of random node removal are the least effective because they require the elimination of numerous nodes to achieve a remarkable drop in network interoperability score. This highlights the crucial role of pre-attack network analysis in identifying the most effective points for intervention. Ignoring such research could lead to inefficient outcomes. Therefore, the tailored, data-driven, recalculated betweenness centrality approach emerges as an effective strategy and valuable tool for counterterrorism interventions.

While our study provides valuable insights into the effectiveness of various node removal strategies for network fragmentation, it is important to clarify that we are not in a position to recommend specific methods for carrying out these removals. Decisions involving arrest, detention, legal procedures, or any other form of intervention are subject to ethical, legal, and sociopolitical considerations that lie outside the scope of this analysis. These decisions require expertise in law, criminology, sociology, and ethical studies and must be made by applicable local, national, and international regulations. Our focus is solely on the mathematical and network analysis aspects to aid counter-terrorism efforts from a theoretical standpoint.

Comparative Analysis with the Existing Literature

In the broader context of network science applied to counterterrorism, this study distinguishes itself in several noteworthy ways. While numerous studies have investigated targeted node removal strategies, the scope and methods often differ. For instance, research has been conducted on the effectiveness of various node removal strategies, but a majority of them rely heavily on synthetic or social media data [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91]. In contrast, the current study leverages real-world data from face-to-face interactions within terrorist networks, adding a layer of practical relevance not universally present in the literature.

Additionally, many existing studies focus on a singular aspect of network centrality, such as degree centrality or betweenness centrality, to identify key nodes for targeted attacks [108,109,110]. Our research goes beyond this by examining a comprehensive set of seven different centrality metrics, thereby providing a more nuanced understanding of how different strategies impact the network’s interoperability. This multi-metric approach has been explored less frequently in the existing literature [108,111,112,113]. The concept of ‘Interoperability’ as a measure for evaluating the effectiveness of node removal is also relatively unique to this study. Earlier works have primarily used measures like network efficiency [114,115,116]. Interoperability, as defined here, provides a more comprehensive understanding of how well parts of the network can still communicate after node removal, making it a robust metric for real-world application.

Furthermore, while some studies have employed machine learning algorithms for node classification and targeted removal [114,115,116,117,118], our study employs a greedy algorithm in addition to centrality-based strategies, thus offering a more diverse range of approaches for practical implementation [119,120,121]. Importantly, the current study is one of the few to apply its methodology to multiple real-world terrorist networks [48,49,99,102,104,106]. This allows for a more robust validation of the strategies discussed and adds to the generalizability of the findings.

In summary, this study contributes to the existing body of knowledge by its unique focus on face-to-face interaction networks, its comprehensive approach to node centrality, and its application to multiple, real-world terrorist networks. These distinctions not only enrich the academic discourse but also offer actionable insights for law enforcement agencies.

5. Conclusions

The primary objective of this investigation is to identify the most effective attack strategy on terrorist networks, aiming to neutralize their operational ability. More specifically, we focus on attacks involving face-to-face human networks, specifically bombings, hijackings, and assassinations, rather than cyber-security. Extending our previously published research [48,49], this study examines seven different node removal strategies based on several centrality criteria in four terrorist networks. Each attack strategy is evaluated based on “Interoperability”, estimated by the size of the giant component of the network. Unlike most studies in this area, which rely on data from social media interactions [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91], our work is grounded in real-world social ties among terrorists, namely physical face-to-face interactions [48,49,99,102,104,106].

5.1. Key Findings

• Effectiveness of Recalculated Betweenness Centrality: Removing nodes based on high recalculated betweenness centrality was found to be the most effective strategy in reducing Interoperability. The effectiveness of this strategy was observed universally across different-sized networks. The dynamic nature of recalculated betweenness centrality is the key factor for outperforming the greedy algorithm, highlighting the importance of updating network data, and reflecting the ever-changing nature of terrorist organizations. The above finding suggests strongly that nodes acting as “mediators” are the best targets, and this is our insight provided to the law enforcement authorities.
• Limitations of Random Node Removal: Random node removal was less effective, emphasizing the importance of targeted interventions based on topological network analysis with centralities.
• Impact of Network Size: While the main results hold for all four networks examined, the size of the network introduces nuances concerning the effectiveness of different strategies. This fact emphasizes the need for a tailored approach based on each network’s characteristics.
• Critical Nodes for Counterterrorism: Regardless of the network’s structure, nodes with high betweenness centrality consistently emerged as critical points of vulnerability and thus represent optimal targets for counterterrorism efforts.

5.2. Implications and Contributions

These findings offer actionable insights for law enforcement agencies, aiding the development of more precise, real-time intervention strategies. They also underscore the necessity for ongoing data updates to reflect the dynamic nature of terrorist organizations. Furthermore, our study brings forth ethical, legal, and sociopolitical dimensions that must be considered when translating these insights into practice.

5.3. Future Directions

Given the pioneering nature of this work, future research could delve deeper into more complex models and additional centrality metrics. As the field matures, a comparative framework involving various real-world networks could provide even more nuanced insights.

In summary, this study makes a substantial contribution to the development of more effective, targeted, and globally applicable counterterrorism strategies, fulfilling a pressing need for data-driven, real-world relevant interventions in this critical domain.