Threat Intelligence and Monitoring

The second Blog Post in our new series is provided by our partner Engineering

Social media today plays a very essential role in in any citizens’ daily life influencing their communication dynamics and in offering them quick and secure mechanisms to share information, ideas and opinions, interests, and knowledge. Statistics show that the current world population is 8 billion, according to UN estimation in November 2022, whereas internet users are almost 5 billion. The power of social networking is steadily growing that the number of worldwide users is almost 4.7 billion monthly active social media users by July 2022 [1]. People discuss everything from the pointless to clear-cut threatening conversations and actions. All of this happens though, across dozens of Social Media channels. Unfortunately, apart from the previous conveniences provided by the social networks, they have a darker side to cast. In fact, misuse of social networks is something that should be seriously considered.  

In a recent study [2], it has been stated that about 90% of terrorist activities online are conducted via social media platforms while 76% of UK terrorists engage on the internet to research and strategize their actions. For this reason, analysing social media may be very useful for the military, defence, and public security in terms of safety to prevent and/or mitigate terrorist attacks. For this reason, Social Media Intelligence (SOCMINT) is becoming an effective means to support law enforcement agencies (LEAs) in the monitoring of social media, blogs, and forums to identify any suspicious content and potential terrorist threat. In fact, continual monitoring of social media platforms has been pointed out by security practitioners and policymakers as part of a comprehensive intelligence strategy to protect EU citizens and their business activities. 

Developments within APPRAISE 

Within the framework of APPRAISE, a threat intelligence tool named ThINT has been developed to identify and analyse potential threats emanating from social media platforms. ThINT is designed with two objectives, each addressing critical aspects of threat identification and mitigation.  

The first goal relays around developing data fusion techniques to aggregate and fuse data obtained from real sensors. These sensors encompass a diverse range, including reports submitted by citizens through the crowd app, as well as detections from microphones or cameras. Data fusion is the process of integrating multiple data sources to produce more consistent, accurate, and useful information than that provided by any individual data source. This integration aims to yield information that is more consistent, accurate, and ultimately more valuable than that derived from any individual data source alone. Raw data streaming in from the various sensors are meticulously collected and aggregated. This process results in the generation of highly accurate alerts, which are then disseminated to end-users and LEAs. The aim is to provide timely and precise information that aids in proactive decision-making and threat response. 

The second goal of ThINT involves applying advanced threat intelligence methodologies to navigate the landscape of social networks, deep web, and dark web. By employing state-of-the-art techniques rooted in natural language processing (NLP) and text understanding, the tool identifies and classifies threats embedded within textual data. This approach is crucial in unveiling potential menaces to soft targets, as the tool scrutinizes and interprets the nuanced language used in various online platforms. ThINT's proficiency in NLP allows it to decipher complex linguistic patterns, thereby enhancing its capability to discern and categorize potential threats in a dynamic and ever-evolving online environment. 

Benefit for the protection of public spaces  

The development and implementation of the ThINT tool within the APPRAISE framework offer significant benefits for the protection of public spaces. First, it can process vast amounts of data at high speed, thus automating the analysis of online discussions and identifying potential threats more efficiently than manual methods. No specific inputs from users are required, only the lists of social posts extracted from a set of crawlers. Second, the new developed models for natural language understanding and NLP used in ThINT tool can identify context, idiomatic expressions, and nuances in language that are crucial for accurately identifying subtle signs of extremism and threats in online content. Third, since terrorism is a global issue, discussions often take place in various languages. The usage in ThINT of the state-of-the-art deep learning models that can be re-trained with multiple language datasets that enhances the scope and effectiveness of threat detection. Fourth, ThINT has been deployed with the possibility to run deep learning algorithms on GPUs offering real-time monitoring of online discussions, enabling swift responses for emerging threats and reducing the potential for harm. Finally, ThINT tool is a very general purpose tool. In fact, changing the training dataset, it is possible to switch from one domain to another one (e.g., from terrorism to cyber-attack). 


[1] 1 Kemp, S., Digital 2022: Global Overview report, 2022 - 

[2] Medina, R. M., Social network analysis: A case study of the Islamist terrorist network, Secur. J. 27(1) (2014) 97–121.