Available online at www.sciencedirect.

com
ScienceDirect
ScienceDirect
Procedia Computer Science 00 (2020) 000–000
Available online at www.sciencedirect.com
Procedia Computer Science 00 (2020) 000–000 www.elsevier.com/locate/procedia
www.elsevier.com/locate/procedia
ScienceDirect
Procedia Computer Science 176 (2020) 2010–2019

24th International Conference on Knowledge-Based and Intelligent Information & Engineering

24th International Conference on Knowledge-Based
Systems and Intelligent Information & Engineering
Systems
A recursive methodology for radical communities’ detection on
A recursive methodology for radical
social communities’ detection on
networks
social networks
Amal Rekika,b,*, Salma Jamoussia,b, Abdelmajid Ben Hamadoua,b
Amal Rekika,b,*, Salma Jamoussia,b, Abdelmajid Ben Hamadoua,b
a
Multimedia InfoRmation systems and Advanced Computing Laboratory, MIRACL, University of Sfax, 3021, Tunisia
a a
Digital
Multimedia InfoRmation systems andResearch Center
Advanced of Sfax Laboratory,
Computing DRCS, Sfax,MIRACL,
3021, Tunisia
University of Sfax, 3021, Tunisia
a
Digital Research Center of Sfax DRCS, Sfax, 3021, Tunisia

Abstract
Abstract
In the recent years, radical communities have become very aware of the enormous impact of social networks around the world.
Thus,
In the these
recentlatter areradical
years, being frequently
communities explored by thesevery
have become groups.
awareTherefore, penetrating
of the enormous into of
impact these communities
social networks by analyzing
around both
the world.
their interactions
Thus, these latter and their shared
are being content
frequently is a considerably
explored challenging
by these groups. taskpenetrating
Therefore, that servesinto
to counter the online radicalization.
these communities For
by analyzing both
this purpose,
their in this
interactions andpaper,
their we propose
shared a new
content is arecursive methodology
considerably for radical
challenging communities’
task that detection
serves to counter on social
the online networks based
radicalization. For
on the
this analysis
purpose, inand
thisextraction
paper, we of their violent
propose a new used vocabulary.
recursive Our methodology
methodology consists mainly
for radical communities’ on extracting
detection recursively
on social networksa based
set of
dangerous
on the analysisprofiles from Twitter
and extraction based
of their on their
violent usedsuspicious
vocabulary.interactions. Then, we
Our methodology analyze
consists theiron
mainly textual shared
extracting data in order
recursively to
a set of
construct a profiles
dangerous rich glossary containing
from Twitter their
based onviolent used vocabulary.
their suspicious This glossary
interactions. Then, weisanalyze
exploited andtextual
their enriched to detect
shared data recursively
in order to
radical communities.
construct Finally,
a rich glossary in ordertheir
containing to evaluate the performance
violent used vocabulary. of ourglossary
This methodology, we resort
is exploited and to an expert
enriched who verifies
to detect both
recursively
the list communities.
radical of the dangerous extracted
Finally, profiles
in order and the
to evaluate theviolent constructed
performance of ourglossary. The given
methodology, results
we resort show
to an the who
expert effectiveness and
verifies both
efficiency
the list of of theour method. extracted profiles and the violent constructed glossary. The given results show the effectiveness and
dangerous
efficiency of our method.
© 2019 The Author(s). Published by Elsevier B.V.
© 2020
This is anThe Authors.
open accessPublished
article by Elsevier
under B.V.
© 2019 The Author(s). Published bythe CC BY-NC-ND
Elsevier B.V. license (https://creativecommons.org/licenses/by-nc-nd/4.0/)
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review
This is an under
open responsibility
access article underof KES
the CCInternational.
BY-NC-ND license
Peer-review under responsibility of the scientific committee of the(https://creativecommons.org/licenses/by-nc-nd/4.0/)
KES International.
Peer-review under responsibility of KES International.
Keywords: Social network analysis; Violent glossary construction; Suspicious interaction analysis; Radical communities’ detection.
Keywords: Social network analysis; Violent glossary construction; Suspicious interaction analysis; Radical communities’ detection.

1. Introduction
1. Introduction
Online radicalization has become nowadays a widespread peril and growing concern to the society threatening the
Online
public radicalization
security has
around the become
world. nowadays
In fact, studiesa[1]
widespread
show thatperil and platforms
various growing concern
of socialtonetworks
the society
arethreatening the
being misused
public security around the world. In fact, studies [1] show that various platforms of social networks are being misused
* Amal Rekik. Tel.: +2-162-994-0022.
E-mailRekik.
* Amal address: rekik.amal91@gmail.com
Tel.: +2-162-994-0022.
E-mail address: rekik.amal91@gmail.com
1877-0509 © 2019 The Author(s). Published by Elsevier B.V.
This is an open
1877-0509 access
© 2019 The article underPublished
Author(s). the CC BY-NC-ND
by Elsevier license
B.V. (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review
This under
is an open responsibility
access of KES
article under International.
the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of KES International.

1877-0509 © 2020 The Authors. Published by Elsevier B.V.

This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of the KES International.
10.1016/j.procs.2020.09.237
 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019 2011
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 2

for malicious intents such as spreading extremist agenda, inciting violence, promoting radicalization and recruiting
Jihadists members. Currently, such platforms have a huge global reach that make of them magnets mean for terrorists
to manufacture a process of online hate and pursue their ideological aims. So, given the perilous danger engendered
by the increased online presence of jihadists, automatically detecting radical communities on social networks is
considered today as one of the important themes of research in the data mining field. However, accomplishing such
task requires vocabulary and interactions analyzes in order to attempt better results. Actually, such field raises several
challenges to be addressed because of the vast amount of the data, and unstructured and noisy user-generated content.
In this context, we propose in this paper a novel framework to enable radical communities’ detection on social
networks based on their violent vocabulary extraction. For this purpose, our methodology proceeds by the extraction
of a set of profiles on social networks annotated by a domain expert as extremist and non-extremist users. Then, in
particular, our system performs three different tasks: (1) focusing precisely on shared textual content of the identified
users in order to extract the vocabulary appropriated to both radical and non-radical contexts (2) Analyzing the
interactions of radical users which consist on identifying vulnerable users that interact frequently with them. This task
permits penetrating to radical communities and thus reveal these overall dangerous organizations. However, this step
is not adequate to fully get a sense of extracting terrorist communities. So, to further enhance this (3) we estimate the
danger degree of each active user based on the previously collected vocabulary in order to identify extremists’ users.
The extracted violent glossary is exploited and enriched to detect recursively radical communities. Otherwise, the
analyzed content is generally shared in the Arabic language which raises additional requirements to be respected in
this context. Using a set of natural language processing and data mining techniques, our methodology attempts to
extract a set of dangerous profiles weighted by their danger's degree. In fact, exploring our methodology to detect
radical communities and extract violent vocabulary specific to violent discourses leads to discover various extremists'
users and contribute to the fight against terrorism.
The reminder of this paper is structured as follows: the next section is devoted for the description of the related
work. In section 3, we go into details of our proposed methodology for the recursive radical communities’ extraction
from social networks. Section 4 reports statistics of the collected vocabulary and the experimental results. We end up
with the conclusion and the future work in Section 5.

2. Related work

Extracting radical communities on social networks by analyzing their malicious content is considered today as one
of the most challenging tasks that interest researchers in the data mining field. Actually, this area is becoming
increasingly intriguing especially with the explosion of the online radicalization phenomena. For this purpose, we will
briefly spotlight on some state-of-the art literature with a particular attention on those that address the problem of the
extremists’ profiles analysis on social networks. LÓPEZ-SÁNCEZ et al. [2], proposed a novel framework that aims
to the automatic detection and monitoring of radicalization processes on Twitter. The system performs mainly two
different tasks: (1) Detects influential users with a radicalization agenda by starting from the retrieval of useful
information from the social network. Then, a collection of dictionaries containing words and communication patterns
used by radical users in different topics is used for the identification of radical users. Users whose tweets match the
dictionary, are registered to be analyzed. The most relevant users, according to a set of metrics are selected as possible
radical users. These potentially radical profiles are then verified by a human expert (2) Monitors the interactions of
confirmed radical users and estimates the risk of radicalization for vulnerable users that interact with them. Another
related approach was proposed by OUSSALAH in [3] for the online radicalization detection. In this research, authors
aim also for the hate speech and extremism identification from both Twitter and Tumblr datasets using natural language
processing techniques. This method is based mainly on: (1) Analyzing inherent characteristics of negative sentiment
in order to obtain a radicalization score. (2) Employing a machine learning approach based on hybrid KNN-SVM and
a variety of features including personality traits, emotions, linguistic and network related features. Authors, in [4],
proposed an approach that aims to identify extreme right communities on multiple social networking websites. To do
so, they investigate the potential of Twitter to act as one possible gateway to communities within the wider online
network of the extreme right. They accomplish a case study using two different datasets to investigate English and
German language right communities. They implement a heterogeneous network within a homogeneous network and
use four different social networking platforms as extreme right entities and edges are the possible interactions among
2012 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 3

these accounts. The potential of online radicalization through exposure to malicious extremists’ content on YouTube
was investigated by BERMINGHAM in [5]. Authors, during this research, collected a large dataset from a group
within YouTube identified as potentially having a radicalizing agenda. They combined social network analysis with
sentiment detection tools to study the agenda of radicals. So, they examined the topics discussed within the group and
what the sentiment polarity is towards these topics. The data collection and analysis stage consisted of a number of
steps: a YouTube crawl to gather relevant data, a network analysis of this data, and lexical analysis of the corpus to
inform the sentiment analysis of the documents gathered. The detection of extremists on the online networks was also
the focus of the research performed by FERRARA et al. in [6] where authors designed a Machine Learning framework
to detect extremist users levering temporal, network and meta-data features. This approach aims also to predict content
adopters and interaction reciprocity in social media. To do so, authors carried out three tasks: (1) to detect extremist
users, (2) to estimate whether regular users will adopt extremist content, and finally (3) to predict whether users will
reciprocate contacts initiated by extremists.
So, we can conclude that despite the numerous advantages offered by these proposed approaches, these latter have
several drawbacks. In fact, the majority of these related work are not suitable for the case of extremists sharing Arabic
content. However, other studies focus only on a limited set of interaction and not on all the types of interactions on
social networks. Moreover, several studies disregard the shared violent vocabulary’ analyzes in order to extract
extremists. We felt that an analysis of their activities in social media would complement this by providing additional
insight into the overall online presence of these groups.

3. Proposed methodology

Online religious radicalization on social networks is a malicious stir, which is generally practiced by Arabic
extremists. Thus, we are interested in our methodology by the Arabic language analysis in order to extract radical
communities and their violent vocabulary on social networks. Meanwhile, analyzing Arabic language contents raises
several requirements to be addressed and assists to make of our methodology a scoop in the data mining field. In
addition, extracting dangerous vocabulary serves to discover several extremists’ users and thus detect radicalism on
social networks. Figure 1 shows an overview of the workflow of the proposed methodology. Our methodology consists
mainly of three major stages: (1) The violent vocabulary extraction based on a set of annotated dangerous and non-
dangerous profiles (2) The active users identification screwed these dangerous profiles. (3) The danger degrees
computation of the identified users in order to extract radical communities. These steps are performed recursively
exploring the new set of the extracted users identified as dangerous profiles at each run. All these stages will be detailed
in the following subsections.

Fig. 1. Methodology workflow schema

 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019 2013
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 4

3.1. Radical vocabulary extraction

• Data collection and preprocessing

The data collection step consists mainly, at the first run, on extracting textual content shared by both radical and
non-radical communities on Twitter and YouTube. To do so, we start by collecting a set of extremist and non-extremist
users from these two social media sites. To do so, we explore our data collection methodology proposed in [7]. Thus,
exploring this methodology, we conserve two communities in order to analyze their textual contents: (1) radical
community containing extremist users and (2) non-radical community holding non-extremist users.
After this step, we proceed the data collection stage. So, we extract all published textual data of each Twitter user
belonging to each community. On the other hand, for every YouTube user of each community, we keep all his
comments toward malicious videos as well as the titles and descriptions of his liked and shared videos. Originally, the
data extracted from these social media channels is obtained from the content generated by different users. Meanwhile,
the results of the data mining method depend heavily on the quality of the data. For this reason, the preprocessing of
the collected data is very crucial to achieve powerful data analyzes. Therefore, during this stage, we perform the
preprocessing of the collected data. To do so, we clean first all characters that are not in Arabic Language. Then, we
remove diacritics, punctuation marks, numbers and stop words from the Arabic textual data. Hence, we obtain two
final datasets appropriated for radical and non-radical textual content which are ready to be analyzed.

• N-grams and itemsets mining

After the data collection and pretreatment stage, we pass to the extraction of the frequent n-grams and itemsets from
the two gathered preprocessed datasets. In reality, radical organizations vary from one social media platform to another
as well as their utilized vocabulary. For this purpose, this phase requires analyzing the data of each obtained
community from Twitter and Youtube separately and then combine the obtained findings. So, we have, initially,
separated each data shared by the radical community on Twitter and Youtube in n-grams with n<=3. Likewise, we
have represented each data shared by the non-radical community in n-grams with n<=3. In fact, an n-gram is defined
as a subsequence of n words assembled from a given sequence respecting the order. After the representation of the
textual content shared by both radical and non-radical communities, we proceed the frequent n-grams and itemsets
extraction step. Actually, an itemset is an association of n-grams that occurs together in the collected data ignoring the
order. Each n-gram has a support which is defined as its frequency in the collected dataset. Likewise, each itemset has
a support that corresponds to the frequency of simultaneous appearance of n-grams contained in the data set. Each n-
gram or itemset is identified as frequent if its support is greater than a predefined threshold. Indeed, the frequent n-
grams and itemsets extraction from data plays one of the most important roles. Actually, it tries to find interesting
patterns from databases, and thus constitutes our methodology's core level. At this step, our approach explores the A-
priori algorithm in order to extract the frequent n-grams and itemsets. Then, we calculated their supports to prune those
that are non-frequent. Next, we kept as frequent n-grams and itemsets the union of the obtained frequent n-grams and
itemsets from Twitter and Youtube. Actually, we notice that these obtained supports are closed and thus it is difficile
to distinguish between them. Accordingly, we have ranked the obtained frequent n-grams and itemsets in descending
order of their supports. Afterwards, we assign for each itemset a weight referring to its importance in the dataset. This
weight W of an itemset I can be calculated as follow:

(𝑁𝑁 + 1) − 𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅(𝐼𝐼)
𝑊𝑊(𝐼𝐼) =
(𝑁𝑁 + 1)

Where N is the number of the extracted frequent n-grams and itemsets and Rang is the order of the n-gram or
itemset I according to its support.
These previous steps are carried out similarly for the dataset appropriated to the non-radical community. Likewise,
we obtain for each n-gram and itemset extracted from the non-radical content, its assigned weight. Hence, we have
2014 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 5

obtained at this stage two types of n-grams and itemset: (1) a set of n-grams and itemsets designing the radical context
and (2) a set of n-grams and itemsets designing the non-radical context.

• Violent vocabulary extraction

After the frequent n-grams and itemsets extraction step, we proceed the dangerous vocabulary mining task. At this
stage, we aim to explore the obtained frequent n-grams and itemsets of both radical and non-radical contexts in order
to extract the violent vocabulary used by extremists. In fact, since radical communities post radical and non-radical
content, we have obtained frequent n-grams and itemsets that are used by both extremist and non-extremist
organizations. Thus, we cannot categorize these common n-grams/itemsets as radical or non-radical. For this purpose,
we assign for each one a violence degree VD referring to its degree of danger in order to extract precisely the
vocabulary specific to each community. This violence degree is calculated as follow:

𝑉𝑉𝑉𝑉(𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼 𝐼𝐼) = 𝑊𝑊(𝐼𝐼)𝑅𝑅𝑅𝑅 − 𝑊𝑊(𝐼𝐼)𝑁𝑁𝑁𝑁𝑁𝑁

Where W(I) RC is the weight of the n-grams or itemset I extracted from the radical context and W(I) NRC is the
weight of the n-grams or itemset I in the non-radical context. The annotation of each itemset is determined
automatically according to the value of its degree of violence as it will be described in figure 2.

Fig. 2. The different possible annotations of the extracted itemsets

Where s1, s2, s3 and s4 are thresholds that we have fixed on a dataset of development.

3.2. Active profiles detection

Detecting malicious communities on social networks could not only anticipate these attacks and predict them, but
also, anticipate the recruitment thread of new extremists. So, to do that, there is a need to find models that represent
jihadist thinking in order to delve into this kind of shared data and thus detect terrorists’ communities. For this aim, at
this step, we are based primarily on the set of terrorists detected by our methodology proposed in [7]. In fact, extremists
are actively reacting on social within communities. So, we are focused mainly, at this stage, on the interactions of
users towards terrorists’ posts in order to extract the most active users. In fact, generally, a user community on Twitter
is the set of accounts which are followings or followers of the analyzed account. However, relying solely on these two
relationships is not enough especially in the context of extracting terrorists’ community. For this reason, in our
research, a user community includes each user having any interaction with the suspicious account and its content. So,
we have defined a set of interactions which are: mention, like, liked by, retweet, retweeted by, reply, following and
follower. Nevertheless, the confidence degree of each interaction is different depending on its importance on detecting
the belonging rate of the user to the terrorist community. So, we have assigned a confidence degree for each possible
interaction on Twitter according to the following assumptions:

• Users mention users assumed to be an interested party in order to attire its attention.
• Users like posts when they are appreciating the idea transmitted beyond.
• Users retweet anything that particular resonates with them, a publication that they find intriguing or that arouses
interest in one way or another.
 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019 2015
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 6

• Users reply to a tweet that particular interests them in order to take part in conversations. The replied message can
be either a support or a reject of the idea.
• Users follow accounts whose updates interest them.

In addition of the consideration of all these assumptions, we have also relied on our observations on a set of users
composing a development dataset in order to accord a confidence degree of each interaction on Twitter so that their
sum is equal to 1(table1).

Table 1. Considered interactions on Twitter followed by their confidence degrees.

Interactions Mention(ed) Like(ed) Retweet(ed) Reply(ied) Follow(ed)
Confidence degree 0.25 0.2 0.15 0.1 0.05

So, after the extraction of the community of each suspicious account, we calculated the total interaction degree IntD
of each user belonging to each community as follow:

𝑛𝑛𝑛𝑛𝑛𝑛
𝑛𝑛𝑛𝑛𝑛𝑛 𝑖𝑖𝑖𝑖 𝑐𝑐

𝐼𝐼𝐼𝐼𝐼𝐼𝐷𝐷𝑢𝑢𝑢𝑢𝑢𝑢𝑢𝑢 = ∑ ∑ 𝐶𝐶𝐷𝐷𝑖𝑖
𝑖𝑖=1
𝑐𝑐=1

Where nbC is the total number of communities, nbI is the total number of interactions effected by the user within
each community and CD is the confidence degree of each interaction. Finally, we have preserved only active users
beyond the terrorist communities having an interaction degree upper than a predefined threshold.

3.3. Radical communities’ extraction

Detecting active users in order to identify them as dangerous profiles is not adequate to fully get a sense of
extracting terrorist communities. So, to further enhance this, we focus during this step on extracting the danger degree
of each active user based on the previously collected vocabulary. To do so, for every active user, we have collected
all his shared textual content in order to analyze his used vocabulary. For each tweet, we focus on each dangerous
itemset shared by the user in order to calculate its danger degree. However, several itemsets are used by both radical
and non-radical communities. Hence, there is a need to focus on the context on which the itemset was used. So, at this
case, we have recourse to the recursive partitioning and especially the regression trees [8]. Thus, firstly, for each
common itemset, we have collected all the textual data where it is contained. Then, we have extracted a set of features
defined as the frequent words contained in the collected data. At this stage, each textual data is presented by the
defined features and annotated as dangerous or non-dangerous depending on the annotation of the user by whom it
was shared. So according to these representations, we have trained our data in order to produce the model of regression
tree of each itemset. So, when analyzing the shared content of each user in order to calculate his violence degree VD,
we have to make the sum of the danger degree of his used itemsets as follow:

𝑛𝑛𝑛𝑛𝑛𝑛𝑛𝑛𝑛𝑛𝑛𝑛

𝑉𝑉𝐷𝐷𝑢𝑢𝑢𝑢𝑢𝑢𝑢𝑢 = ∑ 𝐷𝐷𝐷𝐷(𝐼𝐼𝑗𝑗 )
𝑗𝑗=1

Where nbrUDI is the total number of the dangerous itemsets used by the active user and DDI (Ij) is the danger
degree of each used itemset j. In the case of a common itemset, we represent the data containing this itemset by the
selected features. Then, we apply the model produced by the training of the regression tree of the item to the obtained
representation. We obtained a probability that the itemset was used in a violent context Pv as well as the probability
that the itemset was used in the non-violent context Pnv. If Pv is greater than Pnv, then, we considered the danger
2016 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 7

degree of the itemset extracted in the violent context. Else, we token into account its danger degree when it was used
in the non-violent context. Thus, for each active user, we have preserved his interaction degree as well as his danger
vocabulary degree. So, at this stage, we perform the normalization of these two degrees in order to compute the final
degree of danger FDD of each user as follow:

𝐼𝐼𝐼𝐼𝐼𝐼𝐷𝐷𝑢𝑢𝑢𝑢𝑢𝑢𝑢𝑢 𝑉𝑉𝐷𝐷𝑢𝑢𝑢𝑢𝑢𝑢𝑢𝑢
𝐹𝐹𝐹𝐹𝐷𝐷𝑢𝑢𝑢𝑢𝑢𝑢𝑢𝑢 = +
𝑀𝑀𝑀𝑀𝑀𝑀 𝑛𝑛(𝐼𝐼𝐼𝐼𝐼𝐼𝐷𝐷𝑢𝑢 ) 𝑀𝑀𝑀𝑀𝑀𝑀 𝑛𝑛(𝑉𝑉𝐷𝐷𝑢𝑢 )
𝑢𝑢 ∈ 𝑈𝑈𝑈𝑈𝑈𝑈𝑟𝑟1 𝑢𝑢 ∈ 𝑈𝑈𝑈𝑈𝑈𝑈𝑟𝑟1

Where n is the total number of users, 𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈 𝑎𝑎𝑎𝑎𝑎𝑎 𝑉𝑉𝑉𝑉𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈 are the values of the interaction degree and the violence
degree of the user, respectively. Finally, each active user is listed as dangerous if his final danger degree is greater
than a defined threshold.
Following this step, we have obtained a set of dangerous profiles which we will analyze their textual data. In fact,
these analyzes are intended to enrich the initial glossary of dangerous vocabulary extracted in the first step of our
methodology. For this purpose, our methodology consists on re-performing all the previous step recursively using the
obtained set of dangerous profiles and the glossary of violent vocabulary in order to extract radical communities.
4. Experimental results

In order to evaluate the efficiency of our proposed methodology, we have conducted a set of experiments. Our
proposed recursive dangerous communities’ detection approach is implemented primarily using two well-known
languages which are R and Python. Our method evaluation step was decomposed on two stages which are namely the
violent vocabulary evaluation and the community extraction evaluation. The subsections below describe the statistics
and experimental results obtained in each phase of our methodology.

4.1. Dangerous vocabulary evaluation

During the dangerous vocabulary evaluation phase, we have resorted to a domain expert in order to determine the
performance of our methodology basing on its intuition and expertise in the violence field. This expert's assessment
was done primarily on two levels. On the first stage, the expert evaluates the results provided by our method. Based
on the expert findings, we carry out an additional assessment of his results throw fixing a set of rules presented in
table 2 knowing that CL is the class of the itemset and the VD is its violence degree.

Table 2. Fixed rules for the extra evaluation

Rule 𝐶𝐶𝐶𝐶(𝐼𝐼1 ) = 100% ➔ 𝐶𝐶𝐶𝐶(𝐼𝐼1 , 𝐼𝐼2 , . . 𝐼𝐼𝑛𝑛 ) = 100%
If the class of an itemset 𝐼𝐼1 is 100% violent, then, whatever the n-itemset in which it is used, the
Explanation
R1 class of this n-itemset is equal to 100% violent.
CL (‫ = )ذبح‬100%➔CL (‫خالفة‬، ‫جيش‬، ‫ = )ذبح‬100%
Example
CL (Slaughter) = 100%➔ CL (Slaughter, army, caliphate) = 100%
Rule (𝑉𝑉𝑉𝑉(𝐼𝐼1 ) = 𝑆𝑆1 )𝐴𝐴𝐴𝐴𝐴𝐴 (𝑉𝑉𝑉𝑉(𝐼𝐼2 ) = 𝑆𝑆2 ) AND (VD(𝐼𝐼𝑛𝑛 ) = 𝑆𝑆𝑛𝑛 ) ➔ VD(𝐼𝐼1 , 𝐼𝐼2 , 𝐼𝐼𝑛𝑛 ) ≥ 𝑀𝑀𝑀𝑀𝑀𝑀(𝐶𝐶𝐶𝐶(𝐼𝐼1 , 𝐼𝐼2 , 𝐼𝐼𝑛𝑛 ))
The violence degree of a set of items contained in the same tweet is equal to the minimum of the
Explanation
R2 violence degree of each itemset used separately.
(𝑉𝑉𝑉𝑉(‫ = )معركة‬0.6), (𝑉𝑉𝑉𝑉(‫ = )قتل‬0.8), (VD(‫ = )اقتحام‬0.4) ➔ VD(‫معركة‬، ‫قتل‬، ‫ ≥ )اقتحام‬0.4
Example
(𝑉𝑉𝑉𝑉(battle) = 0.6), (𝑉𝑉𝑉𝑉(kill) = 0.8), (VD(𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠) = 0.4) ➔ VD(𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏, 𝑘𝑘𝑘𝑘𝑘𝑘𝑘𝑘, 𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠) ≥ 0.4
Rule 𝑉𝑉𝑉𝑉(𝐼𝐼1 (𝑚𝑚1 𝑚𝑚2 )) = 𝑆𝑆1 ➔ 𝑉𝑉𝑉𝑉(𝐼𝐼(𝑚𝑚1 , 𝑚𝑚2 )) ≤ 𝑆𝑆1
The violence degree of a 1-itemset containing an n-gram is superior than or equal to the violence
Explanation
R3 degree of an itemset containing the n words composing the n-gram.
𝑉𝑉𝑉𝑉(‫ = )خالفة دولة‬0.5➔ 𝑉𝑉𝑉𝑉(‫خالفة‬, ‫ ≤ )دولة‬0.5
Example
𝑉𝑉𝑉𝑉(𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐ℎ𝑎𝑎𝑎𝑎𝑎𝑎 𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠) = 0.5➔ 𝑉𝑉𝑉𝑉(𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐ℎ𝑎𝑎𝑎𝑎𝑎𝑎, 𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠) ≤ 0.5
 Amal Rekik / Procedia Computer Science 00 (2020) 000–000 8

Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019 2017

(a) Itemsets composing Itemsets composing

(b)
the collected glossary the collected glossary

1-itemset 2-itemset 3-itemset 4-itemset 100% Violent 75% Violent 50% Violent
5-itemset 6-itemset 7-itemset 8-itemset 25% Violent 0% Violent

Fig. 3. Statistics about the collected itemsets composing the glossary in terms of (a) n-itemsets (b) degree of violence

At this stage, we have proceeded the analysis of the textual content shared by malicious users in order to collect
their frequent dangerous itemsets. For this purpose, we refer to another expert in order to estimate the inter-annotation
agreement between these two experts. This agreement rate depends on the number of information having the same
annotation by these two experts on a test corpus composing of 1000 itemsets consisting of the extracted vocabulary.
So, we obtain 0.756 as a Cohen’s Kappa coefficient between these two experts. Thus, according to [10], the intra-
agreement between these two experts is rather strong. Such findings demonstrate how effective our approach is in the
extraction of violent vocabulary shared by radical communities on Twitter. So, as a result, during the first iteration,
we have collected 8302 itemsets composing the corpus. However, during the second and the third iterations, we have
obtained 3209 and 2975 itemsets (figure3). In fact, we have also noticed that the collected violent vocabulary during
the second iteration is similar to the collected violent vocabulary during the first iteration. In fact, around 57% of the
second collected vocabulary is the same as the itemsets collected on the first iteration. This can be explained by the
fact that the violent vocabulary explored by the radical communities on Twitter converge typically to the same
dangerous corpus. A sample of the collected dangerous corpus is shown in Figure 4. Next, in order to test the efficiency
of our proposed methodology, we have measured its accuracy, recall, precision and F-measure. Table 3 shows results
of our experiments in the performed iterations.

Fig. 4. Sample of the itemsets composing the collected corpus

Table 3. Results of our proposed methodology.

Precision Recall F-measure
Iteration 1 0.951 0.976 0.96
Iteration 2 0.771 1 0.87
Iteration 3 0.695 1 0.82
 Amal Rekik / Procedia Computer Science 00 (2020) 000–000 9
2018 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019

So, we can observe that our algorithm can effectively extract dangerous vocabulary frequently used by terrorist
communities with good efficiency values.

4.2. Community detection evaluation

On the other hand, during the community extraction of the suspicious profiles, we have gathered a set of accounts
which are potentially dangerous users (3325 profiles). Then, we have selected the most active users who are frequently
in touch with dangerous profiles. In fact, given the sensitive nature of the problem setting, we have encountered a set
of difficulties while experiments. Actually, the Twitter deletes permanently dangerous accounts having violent or
terrorist attitudes for security purposes. Consequently, during the step of checking their dangerous used vocabulary
and calculating their final score, we have discovered that several accounts of them are suspended automatically by
Twitter (figure 5). Such observation can be explained by the fact that the suspicious profiles that we have collected
are effectively dangerous since a part of them are suspended. This may be one of the proofs confirming the efficacy
of the dangerous profiles collection phase.

Potential dangerous collected users Users' accounts composing the test

dataset
15% 19%

85% 81%

Dangerous suspended accounts

Dangerous analyzed accounts Dangerous accounts

Fig. 5. Proportion of the suspended accounts among the potentially Fig. 6. Proportion of the dangerous profiles among the evaluated
dangerous users accounts

In order to enrich the dangerous profiles corpus collected at the first iteration using our methodology mentioned in
[7], we concentrated primarily on each account's community composing the dangerous list of these suspicious profiles.
Then, we picked the most active members of these communities in order to examine their shared content and thus
extract the dangerous communities on social networks. However, in order to ensure the reliability of our dangerous
profile selection process and the efficacy of our corpus, we should evaluate the danger of the collected profiles from
which we will extract the violent vocabulary. To this end, at each iteration, we selected a test dataset containing
dangerous profiles to be checked by a domain expert. Table 4 and figure 6 reveal the results of our experiments.

Table 4. Results of our proposed methodology for dangerous profiles extraction.

Test dataset size Precision
Iteration 2 50 0.86
Iteration 3 30 0.733

Next, we have recourse to another expert in order to calculate the inter agreement between the two annotations. To
do so, we have used Cohen's Kappa as a measure of agreement between the two annotations (the identification
performed by the two experts) [9]. Thus, we have obtained an agreement value equal to 0,88. This value proves the
good agreement between the identification performed by our method and the annotation realized by the expert. These
results attest that our method achieves a good recognition performance which proves its efficacy in collecting
dangerous communities on Twitter. So, we can conclude that the collected dangerous profiles compose a good corpus
to be analyzed in the enrichment of the violent corpus step.
 Amal Rekik et al. / Procedia Computer Science 176 (2020) 2010–2019 2019
Amal Rekik / Procedia Computer Science 00 (2020) 000–000 10

4.3. Comparison with state of the art

In order to evaluate our methodology, we have additionally performed a set of comparisons with existing work of
the literature. Thus, beginning with the method proposed in [2], as stated in the related work section, authors aims to
detect potential radical users by examining their interactions with extremists’ profiles. To do so, they focus only on
mentions and retweets between radical users and potentially vulnerable users. Similarly, authors in [4] examined
interactions between nodes merely in terms of mentions and retweets. On the other hand, authors in [3] focused solely
on the content analysis using natural language processing techniques in order to identify extremist users on social
networks. Otherwise, authors in [5][6] concentrated on both users’ content analysis and social networks analysis in
order to extract centrality, betweenness, number of retweets… So, actually, we suggest that focusing solely on users’
content or profiles interactions may not be the ideal to extract radical communities. For this purpose, comparing with
the state of the art, our methodology has the benefit of concentrating on all interactions on Twitter as well as the
content published by each user to achieve more precious results for the radical communities’ detection. Furthermore,
while extremists are typically Arabic users, the state of the art does not spotlight on Arabic language. So, we have
remedied this restriction in our methodology by considering the Arabic content that was published on Twitter.
As a conclusion, we notice that the performed experimental evaluation of our methodology demonstrates its
effectiveness and efficiency. Furthermore, our collected corpus can be used in various language and not just Arabic as
it is composed of a set of itemsets containing n-grams. This can be seen as one of our methodology's greatest
advantages. In fact, we have limited to perform only three iterations. Actually, the selected development dataset
determines the number of iterations to perform. So, we have noticed that, from the third iteration, the collected
vocabulary converges to be religious and hence non-violent. This can be explained by the selection of the picked
development corpus, as well as the use of the fairly wide constraints. Therefore, we have to choose the right
compromise between the severity of the constraints and the number of iterations.
5. Conclusion

To crown all, we introduced, in this paper, a new recursive methodology radical communities’ detection on social
networks. Our methodology is based basically on extracting recursively a set of radical profiles based on their
suspicious interactions and dangerous shares. Then, we analyzed their shared textual data in order to extract their
dangerous vocabulary. Thus, we have constructed a rich corpus of dangerous communities as well as their violent
vocabulary frequently used by them on social networks. Finally, we have performed several experiments that attest
the performance of our methodology on extracted dangerous profiles and their violent vocabulary on social networks.
In brief, our methodology serves to divulge radical communities and thus to fight against the violence and the online
radicalization. So, as a perspective, we aim to assign a weight to penalize the religious vocabulary.

References

[1] Awan, Imran. (2017) “Cyber-extremism: Isis and the power of social media.” Society 54(2): 138-149.
[2] López-Sáncez, Daniel, Revuelta Jorge, de la Prieta Fernando, and al. (2018) “Towards the automatic identification and monitoring of
radicalization activities in twitter.” in International Conference on Knowledge Management in Organizations 589-599.
[3] Oussalah, Mourad, Faroughian,F., and Kostakos Panos. (2018) “On Detecting Online Radicalization Using Natural Language Processing. ” in
International Conference on Intelligent Data Engineering and Automated Learning 21-27.
[4] O'Callaghan, Derek, Greene Darek, Conway Maura and al. (2013) “Uncovering the wider structure of extreme right communities spanning
popular online networks.” Proceedings of the 5th Annual ACM Web Science Conference.
[5] Bermingham, Adam, Conway Maura, McInerney, Lisa and al. (2009) “Combining social network analysis and sentiment analysis to explore
the potential for online radicalisation.”. in International Conference on Advances in Social Network Analysis and Mining 231-236.
[6] Ferrara, Emilio, Wang Wen-Qiang, Varol Onur,and al. (2016) “Predicting online extremism, content adopters, and interaction reciprocity.” in
International conference on social informatics 22-39.
[7] Rekik, Amal, Ameur Hanen, Abid Amal, Mbarek Atika, Kardamine Wafa, Jamoussi Salma, And Ben Hamadou Abdelmajid (2018) “Building
an Arabic Social Corpus for Dangerous Profile Extraction on Social Networks.” Computación y Sistemas, 22(4).
[8] Loh, Wei‐Yin. (2011) “Classification and regression trees. ” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery 1(1):14-
23.
[9] Sim, Julius, and Chris C. Wright. (2005) “The kappa statistic in reliability studies: use, interpretation, and sample size requirements. ” Physical
therapy 85(3): 257-268.
[10] Landis, J. Richard, and Gary G. Koch. (1977) “The measurement of observer agreement for categorical data. ” biometrics 159-17