The Neighborhood Network Watch Keyword Analysis Application (NNWKAA)

The Neighborhood Network Watch Keyword Analysis Application (NNWKAA) is a text analysis application designed to look for words associated with terrorism or national security threats in raw network dumps from a packet sniffer and to assign them a suitable rating. However, it is not meant to be an accurate tool by any means and is designed specifically to hyper-inflate the amount of perceived terror found in the network traffic dumps. This amplification of terror acts as both the fuel and pretense for the ideology that governs the fictitious group that uses the application, The Neighborhood Network Watch. It also demonstrates that software, systems, and apparatuses are not necessarily objective, infallible entities. Rather, they are subjective, governed by the entities that designed them, and in turn reproduce the ideologies of those creating the application. The application also critiques and foregrounds the usage of opaque systems such as the DHS’ five-tier color-coded Homeland Security Advisory System. In turn, these apparatuses are able to reproduce the conditions for renewed production time and time again, since the system is rarely questioned after it has been created, specialized, and made into a complex system.

How It Operates

The NNWKAA first breaks down the raw network dumps by attempting to strip out extraneous and useless information, which includes header info and HTML and CSS tags. Next, the NNWKAA looks at each word within the network dump. Each word is checked to see if it is on a list of flagged words that are known to be associated with terrorism or national security threats. This list is known as the Neighborhood Network Watch Keyword List (NNWKL). It is based on an ECHELON word list that has been supplemented with data scraped from the FBI and INTERPOL websites. If a word is flagged, the application pulls the words preceding and following the flagged word. These become contextual words that may eventually be added to a separate word list, which acts as a supplement to the NNWKL, allowing the application's word lists to learn over time and automatically expand or initiate mission creep. If a word is not flagged, it is checked against a dictionary to see if it is indeed a word. From here the application calculates the “Terror Percentage”, which is the number of words flagged relative to the total number of words found. The counts for both flagged words and the total number of words are also output. Based on this percentage, the application generates a rating for the network traffic using a rating system that is similar to that of the Department of Homeland Security, both in verbiage and in description. Along with this rating, a listing of the top 20 flagged words, also known as the hit parade, is generated and displayed. At this point the contextual words that were found around the flagged words have probabilities calculated for them to see if they meet the minimum requirement to be added to the supplementary word list. There is a minimum occurrence threshold as well. These words are then added to the supplementary word list, and the statistical results and the hit parade are output to text files.
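The pipeline described above, as an added example that is not the NNWKAA's own Java source: it scores one harmless text, promotes the contextual words, and scores the same text again to show the list expansion inflating the Terror Percentage. The word list, sample text, thresholds, rating cutoffs, level names and the probability rule are all constructed assumptions, and the header stripping and dictionary check are omitted.

```python
import re
from collections import Counter

# Constructed stand-ins: the real NNWKL, thresholds and rating cutoffs are not on the page.
NNWKL = {"agent", "plot", "bomb"}
MIN_PROB, MIN_COUNT = 0.5, 2          # assumed promotion thresholds
RATINGS = [(5, "Low"), (15, "Guarded"), (25, "Elevated"), (35, "High")]  # assumed cutoffs

# Constructed sample input: harmless text wrapped in markup.
SAMPLE = ("<html><style>p{color:red}</style><p>The travel agent booked the garden "
          "plot tour. Our travel agent said the garden plot is lovely. "
          "A photo bomb ruined the shot.</p></html>")

def tokens(raw):
    """Drop <style> blocks and tags, then split into lowercase words."""
    text = re.sub(r"<style.*?</style>|<[^>]+>", " ", raw, flags=re.S | re.I)
    return re.findall(r"[a-z']+", text.lower())

def rating(pct):
    return next((name for limit, name in RATINGS if pct < limit), "Severe")

def analyze(raw, flagged_list):
    words = tokens(raw)
    seen = Counter(words)
    hits = Counter(w for w in words if w in flagged_list)
    context = Counter()
    for i, w in enumerate(words):
        if w in flagged_list:
            continue
        neighbours = words[max(i - 1, 0):i] + words[i + 1:i + 2]
        if any(n in flagged_list for n in neighbours):
            context[w] += 1               # w sits directly beside a flagged word
    pct = 100.0 * sum(hits.values()) / len(words) if words else 0.0
    # Assumed rule: promote a context word seen beside flagged words often enough.
    learned = {w for w, c in context.items()
               if c >= MIN_COUNT and c / seen[w] >= MIN_PROB}
    return {"pct": pct, "rating": rating(pct), "flagged": sum(hits.values()),
            "total": len(words), "hit_parade": hits.most_common(20), "learned": learned}

def feedback_demo():
    """Score the same text before and after the learned words join the list."""
    first = analyze(SAMPLE, NNWKL)
    second = analyze(SAMPLE, NNWKL | first["learned"])
    return first, second

if __name__ == "__main__":
    for run in feedback_demo():
        print(run["flagged"], run["total"], round(run["pct"], 1), run["rating"])
```

Nothing in the text changes between the two runs; only the word list grows, which is the mission creep the paragraph describes.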

The statistical results from the NNWKAA are then used to generate a plethora of charts, graphs and maps that depict and single out “hot spots” of terrorist activity as well as trends over time.

To learn more about the NNWKAA and The Neighborhood Network Watch, please visit the official Neighborhood Network Watch site as well as the page dedicated to The Neighborhood Network Watch. For a look at the development of the NNWKAA v3.5, please visit the ECM292 A2Z blog. Here is an early programming flow diagram as well.

Photo Documentation

Video Documentation


Video demonstration of the NNWKAA v3.5

Source Code
The application was built in Java with Processing driving the visual front end of the NNWKAA. The source code can be downloaded here. The NNWKAA does not require a network dump file (.cap) to run; you can input any text. It just needs to be inside of the capfiles folder, or you need to make one in the directory where the application resides. I will be making the application into a standalone Java applet soon.