Analyzing Deviant Socio-Technical Behaviors Using Social Network Analysis and Cyber Forensics-Based Methodologies

Samer Al-Khateeb, Muhammad Hussain, Nitin Agarwal

Research output: Chapter in Book/Report/Conference proceedingChapter


In today’s information technology age our thinking and behaviors are highly influenced by what we see on our smartphone screens, e.g., watching fake or Photoshopped image of a well-known individual makes some of us think it is true, but in many cases it is not. Misinformation is rampant. Complimented with the availability of inexpensive and ubiquitous mass communication tools, such as social media, conducting deviant acts becomes both convenient and effective. For instance, deviant groups use social media to coordinate cyber campaigns in order to achieve strategic goals, influence mass thinking, and steer behaviors or perspectives about an event. In this chapter, we represent two case studies, i.e., Daesh (ISIS/ISIL: Islamic State in Iraq and Syria/Levant) and Novorossiya. Each contains three events that we studied to analyze situational awareness of the real world information environment in/around those events. We introduce the methodology we followed to analyze each of the events and highlight the findings. The findings were obtained from eight datasets collected during the study. The chapter employs computational social network analysis and cyber forensics informed methodologies to study information competitors who seek to take the initiative and the strategic message away from the main event in order to further their own agenda (via misleading, deception, etc.). Through cyber forensics analysis, we have extracted metadata associated with propaganda-riddled websites. The extracted metadata assisted in extracting the social network information (i.e., friends and followers) and communication network information (i.e., network depicting flow of information such as tweets, replies, retweets, mentions, hyperlinks, etc.) among the actors. Through computational social network analysis, we identify influential actors and powerful groups coordinating the disinformation campaign. As a final step, we study the cross media affiliation by extracting all the blogs that were mentioned in the tweets and obtained from cyber forensics techniques to feed them to our developed Blogtrackers tool that has the ability to analyze blogs’ data where narratives can be formed easily as the authors do not have the 140 message characters imposed by Twitter.

Original languageEnglish (US)
Title of host publicationBig Data Analytics in Cybersecurity
PublisherCRC Press
Number of pages18
ISBN (Electronic)9781498772167
ISBN (Print)9781498772129
StatePublished - Jan 1 2017

All Science Journal Classification (ASJC) codes

  • Economics, Econometrics and Finance(all)
  • Business, Management and Accounting(all)
  • Computer Science(all)


Dive into the research topics of 'Analyzing Deviant Socio-Technical Behaviors Using Social Network Analysis and Cyber Forensics-Based Methodologies'. Together they form a unique fingerprint.

Cite this