Asymmetric warfare: Geospatial analysis to combat IED attacks

Asymmetric warfare: Geospatial analysis to combat IED attacks


<< The article presents an insight about the methodologies used for the analysis and how the lessons learned in Afghanistan and Iraq can be used elsewhere in the world >>

Figure 1. Map of Baghdad showing IED attacks and associated constraints. Caches must lie within the red circles but not within the blue circles. The gray zones show infeasible regions to host a cache.

According to the NATO Center of Excellence Defence Against Terrorism (COE-DAT) 2011 annual report, India experienced 1,166 terrorist attacks that killed close to 650 people. In 2012, the numbers were slightly better – 767 terrorist attacks killing 333 innocent people. Most of these attacks involved Improvised Explosive Devices (IEDs) as the weapon of choice. IED attacks over the years in India have involved IEDs strapped onto bicycles, IEDs disguised as pressure cookers, and more. The primary targets of these IED attacks are markets where teeming throngs are out carrying out their daily shopping. The range of extremist groups carrying out IED attacks has also been substantial, ranging from IED attacks carried out by Indian Mujahideen (funded in part by the Pakistani Inter Services Intelligence agency) to attacks carried out by the Maoist insurgency. With numerous IED attacks per month and a host of armed groups funded by Pakistan, Indian civilians face an ever present threat to their security.

Nonetheless, much experience has been gained over the years from efforts to counter IED attacks in Iraq and Afghanistan where the US military and ISAF forces were able to reduce the number of terrorist attacks via a number of sophisticated means. In Iraq, the number of terrorist attacks dropped from 2,694 in 2011 (with 3,065 deaths) to 1,900 in 2012 (with 2,512 deaths). In Afghanistan, the number of terrorist attacks dropped from 2,009 in 2011 to 972 in 2012 along with a drop in the numbers killed from 2,977 to 1,999. These substantial reductions in terrorist attacks were due, in part, to intelligent methods to counter the adversary.

Between 2007 and 2011, Major Paulo Shakarian of the US Army and I led two major counter-IED projects[2,3,4] at the University of Maryland in which advanced information technology was harnessed in order to reduce IED attacks. The work culminated in the development of two systems called SCARE and SCARE-S2 focussing respectively Baghdad and the Helmand/ Kandahar provinces of Afghanistan and are summarised in the book, Geospatial Abduction: Principles and Practice.

The goal of SCARE [3] was to identify weapons caches in Baghdad that were used to facilitate multiple IED attacks. Identifying such cache sites had powerful implications – once identified, such sites could be monitored and insurgent leaders and other key players (for example, bomb-makers) identified, caught and further interrogated for information about the IED network.

SCARE focussed on detecting IEDs by understanding the constraints under which the insurgents were operating. Though some insurgents recruited suicide bombers, most insurgents carrying out IED attacks in Baghdad did not wish to either die or be caught – and this led to two operational constraints:

  • Constraint 1: Most insurgents did not want to travel long distances from a cache site to an attack site because of the risk of discovery by US forces when transporting munitions.
  • Constraint 2: Most insurgents did not want the attack site to be too close to the cache site because of the risk of discovery in post-attack security sweeps of the area around the attack site.

What this meant was that once an attack occurred at a particular location, one could draw two concentric circles centered at the attack location as shown in Figure 1. The cache is likely to be outside the smaller (blue) circle, but inside the larger (red) circle. The smaller circle represents the zone described by Constraint 2 above and the larger circle describes the area defined by Constraint 1. The two circles jointly represent a donut shaped region which is likely to contain one or more caches supporting the attacks. In SCARE, we used historical data on past attacks and past caches discovered in order to learn the radii of these two circles.

As a large number of attacks occurred in Baghdad, SCARE drew such donuts around each attack. The intersection of these zones show plausible locations for IED weapons caches. However, Figure 1 shows we can do better. SCARE allows an analyst to explicitly identify infeasible zones, shown in grey in Figure 1. In Baghdad, SCARE declared a zone infeasible (from the perspective of hosting an IED weapons cache) if it either:

  • Represented a Sunni neighbourhood of Baghdad (as all attacks considered in [2,4] were Shiite backed attacks);
  • Represented a coalition base (as IED weapons caches were not expected within coalition bases);
  • Was part of the Tigris river (as most IED caches were on land).

Once these ‘feasibility’ overlays are superimposed on the map, the only region left where a cache might possibly be hosted (for just the two attacks considered in Figure 1) is the region shown in green that the yellow arrow points to.

SCARE supports the use of any ‘feasibility’ map of Baghdad specifying which regions were feasible hosts of IED weapons caches. The conditions listed above were used by SCARE in Baghdad – other feasibility conditions can be used in other jurisdictions such as India. SCARE used a sophisticated mathematical algorithm to determine the most likely set of places where the cache is hosted. On data in Baghdad, SCARE was able to predict locations of caches to within 700m.

Maj Paulo Shakarian and I led the creation of a variant of SCARE, SCARE-S2, to identify the locations of High Value Targets (HVTs) in Afghanistan. HVT is defined as either an insurgent commander or a large weapons cache.

Unlike Baghdad which is a relatively small but densely populated area, in Afghanistan, we studied IED attacks in the sparsely populated and large provinces of Helmand and Kandahar. Helmand by itself is enormous – over 58,000 in area, while Kandahar province is only slightly smaller, over 54,000 sq. km. Both are slightly bigger than the state of New York. In contrast, Baghdad is just over a mere 4,500

In these two large provinces, a variant of SCARE called SCARE-S2 was used along with a number of assumptions.

The first assumption was that insurgents would use road networks for most of their operational transportation needs. This assumption was justified by the nature of the terrain in these provinces. Moreover, even if the insurgents used both off-road and on-road transportation methods, using the road networks as a proxy for the actual routes taken seemed reasonable as most attacks were carried out in locations that were either on roads or at junctions of roads (for example, markets). As a consequence, even if the insurgents were not using the roads themselves, they were unlikely to be too far from the roads which eventually they needed to get to as the targets were on or just off the sides of roads.

Figure 2. Red circle shows a location where an IED attack occurred. Blue squares show villages which are neither too close to the IED attack location

The second assumption used in SCARE-S2 was that HVTs were located in villages. This was a reasonable assumption again as most insurgent leaders tended to visit family and friends near villages and these families and friends often provided hospitality as required by the Pashtunwali code of conduct.

These two assumptions induced some differences (from SCARE) on how HVTs were discovered. Rather than using a pure geospatial model, SCARE-S2 uses a network model consisting of nodes and edges – nodes are villages, and edges are road segments connecting two villages together.

Each edge in this network is labelled with a distance, specifying the distance between the two villages. The distance is a proxy for the travel time (which we did not have from open source data).

The notion of ‘feasibility’ used in SCARE was replaced by tribal affiliation. If an IED attack occurred in village A, and there was a tribe T that lived both in village A and B, then B was a feasible location for the HVT cache. In addition, B needed to be at least a certain distance away from A and at most a certain distance away from A. This is because, as in the case of Baghdad, insurgents did not want their HVTs discovered in the security sweeps following an explosion in village A – but on the other hand, they did not want to run the risk of discovery of munitions during transportation from village B to village A; and this means that village B could not be too far from village A.

Figure 2 shows this situation with the road networks clearly identified – and villages are at the intersections of roads as well as at certain other points.

In the figure, an IED attack occurs at a village V shown as a red circle. As a first step, SCARE-S2 uses the road network to identify all villages that are larger than a minimal driving distance (on road distance, not crow flies distance) and smaller than a maximal driving distance. These numbers can be readily learned from historical data on past IED attacks and previously discovered HVTs. In Figure 2, the blue squares show the locations of villages that are within these minimal and maximal driving distances.

Once these villages are identified (in the figure, we see that A, B, C, D, and E are these villages) all villages that share a tribal overlap with the village V where the attack occurred can be eliminated. For instance, if villages A and C don’t have any resident tribes that live in village V as well, then they can be eliminated, leaving three possibilities behind.

Thus, every single attack leaves behind a set of candidate villages hosting an HVT responsible for the attack. In Figure 2, following the threat of discussion provided above, the candidate villages associated with hosting the attack on village V are B, D and E.

SCARE-S2 uses a mathematical algorithm to deal not only with just one attack at a time but also multiple such attacks. Each attack in a village V leads to a set of candidates identified as above. Of all such candidates, the SCARE-S2 algorithm finds a method of identifying the best set of villages that collectively explain all the attacks that were observed.

Given a set of attacks, SCARE-S2 returned as output, a set of villages that collectively had a density of HVTs that was 35 times larger than the average density of HVTs in the two provinces combined. Moreover, SCARE-S2 only returned 4.8 villages on average per prediction. This allows commanders and security officials on the ground to cue their intelligence and surveillance assets on those villages, enabling them to save valuable intelligence resources when smoking out the insurgents.

The lessons learned from SCARE and SCARE-S2 can be applied to many parts of the world where IED attacks are common – India, Pakistan, Philippines are three examples. Specifically, we recommend the following.

Create Detailed Demographic Maps
Our first recommendation is that security organisations in all affected countries create detailed demographic maps of their jurisdictions. These demographic maps should cover:

  • Religious distribution of the population on at least a square mile by square mile region – such religious distributions must go beyond mainstream religions (for example, muslims, christians) to more specific belief systems (for example, sunnis, shias, deobandi, barelvi);
  • Ethnic distribution of the population on at least a square mile by square mile region which tracks ethnicity of a population (for example, hazaras vs. tajiks) on a similar square mile by square mile population;
  • Economic distribution of the population with per capita income used to characterise each one sq. mile region.

Though the creation of such detailed demographic maps is a challenge, we believe that some of these maps can be created using modern technology such as crowdsourcing, GPS devices, and by leveraging census data. Such maps are invaluable in identifying possible candidate locations for IED caches and HVTs as used by SCARE and SCARE-S2.

Randomise Security Sweeps along Roads
Insurgents are keenly aware of the need to avoid detection as they travel from a cache or HVT site to a site where they plan to carry out an attack. Given the extremely large number of potential targets that the insurgents can choose to attack and given the relatively small resources available to disrupt such attacks, it is essential that these protective resources be used effectively.

Static road checkpoints are frequently used in many countries, for example, India. The location of these road patrols must be selected intelligently in order to disrupt attacks against selected targets using methods such as those proposed by Dickerson et al[5].

But insurgents are continuously reacting to security activity on the ground. In order to address this, a certain element of randomisation is needed. We recommend intelligent randomisation of both locations of static road checkpoints as well as intelligent patrolling strategies – the methods suggested by Dickerson et al[5] for protecting moving targets can be readily adapted to moving adversaries.

Randomise Security Sweeps after Attacks
Insurgents are well aware that security forces usually sweep an area of a certain radius, mindist after an attack. It is this knowledge that makes them choose to put their HVTs or caches a little further away, but no more than some distance, maxdist from the attack site. These two numbers, mindist and maxdist specify the donut shown earlier in Figure 1 and a region (though not shaped like a donut) in Figure 2.

After an attack, the proposed strategy would, in addition to doing the normal security sweep up to mindist distance units from the attack, additionally and randomly search locations within the donut after an attack. This would have the effect of pushing the envelope beyond mindist forcing the attackers to move their HVTs and caches further away from the intended attack locations, reducing the probability of success of their attacks as they are squeezed by some of the other actions recommended in this section.

Shape the Adversary’s Movements
This strategy focuses on making certain targets and routes appear to be relatively unprotected so that the adversary is lured towards them and is captured in a pre-planned security sweep when doing so.

For instance, in Figure 2, we know that the HVT is at either locations B, D or E, but we are not sure where. We also know the insurgents strike approximately once a week. A security agent may use advanced aerial surveillance (for example, drones) and other methods to survey locations B,D, and E, while simultaneously withdrawing overt presence of security forces along certain roads and concentrating them elsewhere.

Realising that certain roads are now clear and afford an easy path to certain targets, insurgents may be emboldened and start moving along those roads allowing security forces to swoop down on anomalous vehicles either enroute to the target or via sudden inspections near the target in the hope of uncovering the insurgents.

IED attacks are playing an increasing role in insurgencies all over the world. India, in particular, has been extremely vulnerable to such IED attacks. Many different techniques ranging from video surveillance to thermal imaging to spectroscopic particle analysis methods have been proposed to help bring terrorists carrying out IED attacks to justice. In this article, the focus has been on the use of computational methods to systematically analyse past data about terrorist attacks and IED cache and HVT locations in an effort to identify part of the logistics supply chain supporting such attacks. Many other techniques can – and should – be applied including surveillance of mobile phone and internet communications in IEDprone areas in order to uncover the nature of the operational insurgent network. Nonetheless, the techniques described here have provided impressive results in two conflict zones – Baghdad and Afghanistan – and should be used in other theaters along with other techniques.


  1. Center of Excellence Defense Against Terrorism 2012 Annual Terrorist Report, NATO report, Jan 2013, COEDAT, Turkey.
  2. P. Shakarian and V.S. Subrahmanian. Geospatial Abduction: Principles and Practice, Springer, Nov. 2011. Foreword by LTG (Ret) Charles Otstott.
  3. P. Shakarian, J. Dickerson, and V.S. Subrahmanian. Adversarial Geospatial Abduction Problems, ACM Transactions on Intelligent Systems Technology, Vol. 3, Nr. 2, Article Nr. 34, 35 pages, Feb. 2012. DOI: 10.1145/2089094.2089110
  4. P. Shakarian, V.S. Subrahmanian and M.L. Sapino. GAPS: Geospatial Abduction Problems, ACM Transactions on Intelligent Systems and Technology, Vol. 3, Nr. 1, Oct 2011, Article Nr. 7, doi10.1145/2036264.2036271
  5. J. Dickerson, G. Simari, S. Kraus and V.S. Subrahmanian. A Graph- Theoretic Approach to Protecting Static and Moving Targets from Adversaries, Proc. 2010 Intl. Conf. on Autonomous Agents and Multi- Agent Systems, Toronto, May 2010, pages 299-306.