1 Introduction

Energy commodities include several primary and secondary sources used to fuel our modern globalized economies. These include, among others, the fossil fuels of oil, natural gas, coal, and uranium, as well as renewables such as solar, wind, and hydropower. These commodities are the cornerstone for economic growth, facilitating our living standards. They are traded in global and regional markets, with prices driven by the standard forces of demand and supply, geopolitical balances, and climate restriction policies. As climate warnings become more intense and frequent, the need for renewable energy sources is increasing. Unfortunately, the modern world, with its intensive use of traditional energy commodities, i.e., with high carbon intensity levels [1], has accelerated global warming [2]. Toward this end, governments and international actors, through targeted regulations, policies, and incentives, aim to promote the adoption and development of renewable sources [3, 4]. They also establish targets for reducing renewable energy capacity and carbon emissions [5]. By supporting investment, research, and innovation, renewable source regulation paves the way for a cleaner, more resilient, and environmentally conscious energy future.

Furthermore, investing in and managing energy commodities demands a deep knowledge of marketplace dynamics [6], of long-term exogenous factors, but also of the fiscal capacity a country has given its macroeconomic status [7]. In contrast to former centuries, where these commodities were traded physically, mostly in bilateral schemes, now organized energy markets have this role, incorporating sustainability concerns [8, 9]. Furthermore, energy is a commodity vulnerable to geopolitics and supply chains [10] and has often been the reason for conflicts and tensions [11, 12]. Regions rich in fossil fuels, such as the Eastern Mediterranean (EM), the Middle East (ME), and North Africa (NA) regions, have witnessed geopolitical turmoil [13, 14]. Ruling over energy resources can influence political power and alliances as countries gain leverage over others [15, 16]. Geopolitical events, such as conflicts or sanctions, can disrupt energy supply chains from exploration to refining transportation and distribution. These international and complex networks involve several stakeholders with different goals and priorities. Operating efficiently and reliably is crucial for avoiding supply shortages, price hikes, and economic repercussions [17]. Diversifying energy sources and supply routes is essential in enhancing energy security and prices and reducing geopolitical risks [18, 19].

Moreover, the interplay between geopolitics about territorial disputes and uneven governance systems, with socioeconomic disparities, shares an intricate connection with that of sea piracy, revealing the complexity of global security concerns around this topic. Pirates capitalize on these conditions by creating optimal circumstances for illicit activities and targeting vulnerable trading routes within maritime regions worldwide. Scrutinizing the issue from a different angle reveals that pirate activities can negatively affect international trade and contribute to regional instability, highlighting its detrimental outcomes for all parties involved. Thus, nations must collaboratively tackle these issues, emphasizing interconnectedness relating to safeguarding global maritime interests and acknowledging the inseparable connections between geopolitics and naval security.

Hence, energy commodities and their transfer should be studied within geopolitics, global markets, supply chains, and environmental frameworks [20]. In this paper, we seek to find, if any, association rules in the features or tactics of maritime piracy attacks from 2000 until 2022. To do so, we examine all the attacks worldwide and implement the standard association algorithm Apriori [21]. This study contributes to how we format our dataset to shed light on underlying relationships and produce essential policy implications. The remainder of the paper is structured as follows: a comprehensive literature review is performed in the following section, and Sect. 3 describes the data and the empirical analysis we followed. Section 4 presents our research output, and we conclude in Sect. 5.

2 Literature review

Maritime oil theft has become a critical issue worldwide due to its impact on global energy security and marine transportation systems. Researchers have conducted thorough studies on this issue, concentrating on oil-rich regions such as the Gulf of Guinea, Malacca Strait, and Horn of Africa.

The literature aims to understand various facets, such as the dynamics of piracy incidents or root causes leading seafarers to engage in such criminal activities, while exploring its implications globally. For instance, economic pressures or social instability may influence individuals' decisions to engage in piracy. The irregularities associated with maritime oil theft significantly negatively impact energy supply chains and international relations, stressing the need for the implementation of additional measures. Actions already in force are enhanced naval patrols and better intelligence-sharing practices, which contribute to safer passages for shipments while safeguarding global resources and overall security across territorial waters.

Other strands of literature on maritime piracy examine spatiotemporal patterns and mitigation strategies [22, 23]. Boateng [24] finds that regional and international securities must coordinate their actions in the Gulf of Guinea to tackle piracy attacks in floating production storage and offloading vessels. Bryant et al. [25] analyze the impact of various combinations of ship protection measures on pirate attacks at sea. They use data from the International Maritime Bureau Annual Reports from 2010 to 2011, where 452 cases of pirate attacks were examined. The findings indicate that using Watch Keeping (WK) and Enhanced Vigilance (EV), along with at least two protective measures, strongly increases the possibility of preventing pirate attacks.

In the Gulf of Aden, a significant route for global commerce, Somali piracy has become a threat to commercial shipping vessels. Despite the presence of international naval forces, pirates continue to grow and carry out bold attacks, often demanding large ransoms. To combat this, the shipping industry has increasingly turned to private security companies to protect their vessels and cargo. However, criticism exists of using private security companies regarding increased violence and excessive force. Coito, in his research [26], presents the example of conflicts of private military companies in Afghanistan and Iraq as a model to avoid in regard to dealing with maritime piracy. Wang et al. [27] construct a Stackelberg model using incident reports of real-world oil-siphoning attacks to find efficient ways to deploy patrol resources. Their compact formulation and constraint generation algorithm address the exponentially growing strategy spaces for both the defender and attacker, allowing efficient strategies to be computed. To further improve scalability, they propose an abstraction method that leverages intrinsic similarities in the defender’s strategy space, enabling large-scale games to be solved. Their approach shows significant scalability improvements with minimal impact on solution quality in simulations and a case study with actual ship traffic data.

Considering the nexus of sea piracy and other factors, extended literature exists on piracy and socioeconomic and political frameworks [28,29,30]. These studies argue that poor political and economic conditions are the burning material for sea piracy. An analysis by Perouse de Montclos [31] reveals that factors such as political conflicts and crime are responsible for the quantitative growth and modernization of maritime piracy. Jablonski and Oliver’s [32] study argues that piracy occurs partly due to limited prospects within the job market. Employing data from over 3000 separate pirate attacks occurring across various places over time, the authors offer robust arguments revealing how variations in commodity prices impact employment opportunities within risk-prone regions for piracy. The authors' findings emphasize that fluctuations in composite norms prevalent among high-labor or capital-demanding commodities have essential effects on monthly pirating events worldwide. Policymakers must thus take measures to facilitate the labor market if they target limiting the risks stemming from maritime piracy. In another work on the West African coasts [33], by examining patterns across various regions and over time, the authors have established connections between the rising military capacity of failed states and growing incidents of piracy. However, contrary to expectations, their research does not support any link between a country's armed forces' strength and pirate attacks. Instead, they propose that a nation's regime type or underlying institutional frameworks determine the intensity and the number of terrorist activities. Consequently, addressing these issues by bolstering governance stability can help mitigate such criminal activity. Furthermore, a study [34] in and around the Horn of Africa indicates that irrespective of their geographical location, there is a substantial correlation between state fragility and the upsurge in piracy production. On a larger scale, an anarchic situation facilitates petty theft but impedes well-planned heinous crimes unless corrupted regional authorities collaborate with pirates. Consequently, it is imperative to prioritize pirate prevention initiatives in regions struggling with state failure and exhibiting such traits.

Regarding the spatiotemporal patterns of sea piracy, existing studies attempt to forecast or better explain the working mechanisms of its modus operanti. In their article, Daxecker et al. [35] consider previous studies on maritime piracy and assess their empirical reliability in predicting future incidents of this crime. Their study entails various statistical tools, e.g., receiver-operating characteristic plots, out-of-sample forecasts, and outlier analyses, to accurately evaluate several factors believed to contribute to increased instances of pirate attacks. Their results demonstrate a link between military resources, state fragility, population sizes, coastline dimensions, trade volumes, and piracy risk levels. They suggest that policymakers should direct their efforts toward proactive measures concerning critical areas where fragility is predominant. Tsioufis et al. [36] examined the factors that influence the choice of attack areas and spatiotemporal piracy patterns. Their findings reveal an intriguing trend among pirates who tend to choose targets located near ports over those on international waterways. The correlation between piracy incidents, political instability, weak governing systems, and impoverished living conditions is stressed. It is also noted that communication between pirate groups plays a crucial role in planning attacks. Their research offers valuable insights regarding devising effective defense strategies and implementing robust security measures in areas considered at high risk of piracy.

3 Data and empirical methodology

3.1 Data description

The study uses a database from the National Geospatial-Intelligence Agency [37], which records all hostile acts against ships and seafarers worldwide. Covering the period from 2000 to 2022, we concentrated solely on attacks against fossil fuel transportation. Two thousand one hundred forty-five relevant (Fig. 1) observations were retrieved from the database.

Fig. 1
figure 1

Global attacks against tankers from 2000 until 2022

Full size image

Each entry entails the date, the location (longitude and latitude, along with the naval area), the attacker, the victim, and a description that shows if the hostile act was successful and if it took place underway or in position. However, illicit oil flows are difficult to record at that level of detail in all hostilities (e.g., recording the tons of stolen fuels), so we accept all piracy attacks as potential events in our analysis, as long as they have happened against tankers. The idea is the following: regardless of whether a hostile event results in stolen fossil fuels, it still disrupts the proper operation of tankers, thereby disrupting direct or indirect legal oil transportation in favor of illicit oil flows [38] Details of the navigation areas can be found on the Worldwide Met-Ocean website [39].

For the need of our methodology, we transform each registration in our dataset in such a way to resemble a "basket" where all the clients, here hostile events, can buy-select items (features in our initial data) from an identical set of elements. Toward that, the following transformations have been applied: first, we replace the spatial variables of the subregion, longitude and latitude, and navigation area, with a new one common for all our hostile events. We call this new modified item “Location” and it reflects the off- or onshore feature of the attack. The decision rule is the distance closest distance from the coastline. An attack that happened closer than 24 nautical miles from the coastline is considered as an onshore hit [40]. Moreover, from the date item, we choose to keep only the month since it is probable for any event to happen in any month of the year. By examining the month of the attack, we can capture any seasonality patterns. Additionally, by using appropriate rules and filters in the description, we managed to name an event as successful or not and an event that happened when the tanker was underway or anchored in a position. For instance, words in the registered description of each event like “terminal”, “anchored” “berthed”, are coded as an assault on a tanker while in position. Words with opposite meaning are coded as strikes against tankers that are underway. Appropriate coding rules have applied for considering an attack as successful or not.

Furthermore, we estimated the time density of an event compared to the former and latter events in the same area, which is the average time interval between event (t − 1) and event (t) and event (t) and event (t − 1). The average values were classified in quartiles, with the first corresponding to “very high” density, and so on. This concept enables us to understand potential associations between the other features of an event and the time of the strike. Thus, Table 1 that follows, include the matches between raw and modified data, as well as two indicative examples for the readers convenience.

Table 1 Initial raw data of events and modified ones in basket format
Full size table

3.2 Rules of association

The discovery of patterns lies at the core of association rules in data mining and machine learning domains, which helps to explore intricate associations between different items or variables based on dependency/co-occurrence to identify abstract approaches underlying large datasets effectively with their tremendous capabilities. Association rules are defined by the antecedent (premise) and consequent (conclusion), demonstrating that if a specific attribute or element is present, it implies that another feature or characteristic tends to appear. In this analysis, we utilize the standard.

This research uses the Apriori algorithm [4144]. The basic steps are shown in Fig. 2. The fundamental concepts of the algorithm are the frequent itemsets, that is, the sets of an item that has a minimum support level, usually denoted by \({L}_{i}\) for the ith-itemset. The Apriori property includes the join operation, where the \({L}_{k}\) set of k-itemsets is generated by joining \({L}_{k-1}\) with itself, and the pruning step where any {k − 1}-itemset that is not frequent cannot be a subset of a frequent {k}-itemset. In addition, the following concepts are used in the algorithm:

$$Support\left[ {ith - subset} \right] = Transactions of the i - th subset/Total transactions$$
(1)
$$Confidence_{{\left[ {i - th \to j - th subset} \right]}} = Support\left[ {ith,jth} \right] /Support\left[ {ith} \right]$$
(2)
$$lift_{{\left[ {i - th \to j - th subset} \right]}} = Support\left[ {ith,jth} \right] /Support\left[ {ith} \right]$$
(3)
Fig. 2
figure 2

Relative frequency of items from all the hostile acts

Full size image

Given the above concepts and operations, the steps are as follows:

figure a

4 Results and discussion

In this study, we treat the registration of an attack as an item in the possible itemsets of the Apriori algorithm by making the appropriate modifications. This enables us to extract valuable conclusions regarding pirates' tactics and preferences to attack tankers and have a successful outcome. Table 2 shows a random selection of registered events compatible with the Apriori algorithm analysis.

Table 2 A random sample from the registered events in Apriori format
Full size table

Next, Fig. 2 presents the relative frequency of each item from all the events. We see that the most frequent items of these hostile events are the features “onshore”, “success”, and “in position”, which tell, in general, that the most frequent strategy that pirates follow for a successful attack is to hit close to the land and in tankers that are anchored. Nevertheless, if the next most frequent items are included, we may obtain confusing, if not contradictory, results. For example, we see opposite meanings (e.g., underway and in position) or items sharing the same relative frequencies, making the selection of one of them impossible. This is where the adopted algorithm of this research turns into use, as it can create rules of association in the following fashion: if a specific item or items are selected, then what could be the next most likely item to be chosen from pirates? This can be written in the format: Item/s X =  > Item Y. By the term item, we mean a feature of the attack. If these generated rules are combined with the items “success” and “failure”, then we can identify the features that a strike must have to result in potential success. Based on the relative frequencies of all items, we used support and confidence levels of 0.2 and 0.8, respectively, for the generation of our rules. The examined subsets reached a size of four before the algorithm ended. From a set of 22 items and 2145 transactions, we identified 34 association rules. There are eight rules of four items on the left- or right-hand side, sixteen rules consisting of three items, nine rules of two items, and 1 rule of 1 item. Table 3 presents the ten most robust rules based on their lift values. We see that all the rules have the items "success" and "in position" on the right and the left-hand side, respectively, suggesting that these items have a solid tie. All ten rules have a lift value greater than one, implying that the items included on the left- and right-hand sides are found together more often than one would expect by chance. In other words, a high lift value implies the importance of a rule and reflects the actual connection between the items in it. Furthermore, we observe that the onshore term often appears in the ten most robust rules, verifying its significant role, as shown in Fig. 2.

Table 3 Top-10 association rules based on the lift value
Full size table

Regarding the temporal dimension of the attack, we see that all the individual items, i.e., high, moderate, very high, and low, appear in 8 rules out of 10. Last, we see no item regarding the month of the year when the attack happened, suggesting that pirates have no specific preference or seasonality in their hostile actions. To a certain extent, this is explained by the balanced climate weather conditions the areas with dense attacks have all year long.

5 Conclusions

Continual piracy assaults on tankers present a noteworthy peril to maritime trade and security. Typically, involving armed hijackers, these attacks seek to purloin valuable cargo or extract exorbitant ransoms. To effectively counter and prevent piracy in susceptible regions, bolstering security protocols, fostering global cooperation, and implementing naval patrols are essential measures. To that end, studying and analyzing their tactics, strategies, and preferable pathways is crucial. The literature has examined several aspects of their attacks, concentrating primarily on social and economic factors.

Nevertheless, increasing data on hostile actions can be further exploited for mining specific association rules. We used data from the National Geospatial-Intelligence Agency and modified them for this type of analysis, which enabled us to suggest efficient and to-the-point policies. By discovering association rules based on the features of each attack, our analysis attempts to answer its main research question, that is to identify common underlying patterns that pirates follow in their hits. Based on the strongest ten association rules, we summarize the key finding as follows. Pirates strongly prefer to hide near the shore and to attack mostly anchored ships, in contrast to tankers on route or off the coast. This is evident by the existence of the left-hand side items of “in position” and “onshore” in almost all of the strongest association rules in order to have the right-hand side term of “success”. Moreover, another key finding is that there is no specific time density, i.e. the period between the former and the next event within a specific area of the attack, that piratesprefer in their attacks, as all levels (terms) of density exist in the produced rules.. A last concluding remark concerns the item “month”, which is not present in any of the ten most robust association rules. This suggests no seasonal pattern or a specific time preference for a piracy strike, or in other wordsany month of the year is an equally potential date for an attack. Concluding, we argue that pirates, contrary to the conceptual operational framework of random and unplanned strikes, that one would expect out of them, follow conservative attack strategies with safety being a top priority for a successful hit, as they want to attack immobilized targets, close to the coast, and without a foreseeable seasonal pattern. Future research could include socioeconomic data and produce additional rules of association of more items, resulting in further policy suggestions.